Interactive Report Summary

Q2 2023 Cyber Threat Report

Q2 2023’s report highlights four pivotal aspects: malware, botnet activity, exploit attempts and a special focus on the financial industry. The most alarming finding was the surge in ransomware: CL0P increased its extortion publications by 65% over Q1 2023. Learn more about the most significant threats we saw, plus get a look into the financial industry’s threat landscape, in our latest report.
Download the full report

Top Findings at a Glance

MALWARE

Ransomware jumped nearly 18%

CL0P Ransomware increased extortions by 65%

BOTNET

Botnet activity rose 16%

Torpig Mebroot, NetSupport & FatalRAT most active

EXPLOIT

Apache vulnerabilities comprise 25% of exploits

Backdoor tool DoublePulsar comprises 16% of exploits
*These numbers exclude brute forcing


Industry Spotlight: Financial Services

The financial industry is one of the most popular targets for cybercriminals worldwide. The allure of vast wealth, sensitive data and the intricate web of global transactions make it a prime target for nefarious activities. Unsurprisingly, 95% of financial service breaches were financially motivated, according to Verizon’s 2023 Data Breach Investigations Report.

One of the top threats against the financial industry is ransomware. Between Q1 and Q2 2023, Nuspire clocked a 43% increase in ransomware extortions against financial institutions.

Top financial industry threat actors include CL0P Ransomware, Lazarus Group, Cozy Bear, Deep Panda and Skeleton Spider.

Methodology

How Nuspire produces its threat intelligence 


GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Log data is ingested into Nuspire’s cloud-based SIEM, which raises alerts to the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, and score and track both existing and newly observed threats.

DISSEMINATE

Analysts use these insights to continually improve the SOC and its alerting, and share them with the wider community through detection rules, briefs and presentations.

April through June

Q2 2023 in Review

Q2 2023 was punctuated by the MOVEit Transfer vulnerability, which impacted hundreds of organizations and millions of people.

April
4.12
Microsoft, Fortinet, HashiCorp and Other Vendors’ April Patches Address Critical and High-Level Vulnerabilities
4.19
Critical RCE Vulnerability Affecting PaperCut Software
4.21
VMware Patches Critical vRealize Vulnerability
May
5.10
Microsoft’s May 2023 Patch Tuesday Addresses 3 Zero-Days And 6 Critical Vulnerabilities
5.18
CISA Warns of BianLian Ransomware Shifting Focus to Pure Data Extortion
5.22
Vulnerability Revealing Master Password Discovered in KeePass Password Manager
5.25
GitLab Patches Maximum Severity Vulnerability
5.31
Barracuda Patches Zero-Day in Email Security Gateways (ESG)
June
6.1
Active Exploitation of MOVEit Transfer Due to Zero-Day Vulnerability
6.13
Fortinet Patches New Critical SSL-VPN Vulnerability in FortiGate
6.16
Progress Discloses Second Critical SQL Injection Vulnerability in MOVEit Transfer
6.20
Zyxel Patches Critical Pre-Authentication Command Injection Vulnerability in Storage Devices
6.21
VMware Discloses Active Exploitation of Critical Vulnerability in vRealize
6.29
Linux Version of Akira Ransomware Targets VMware ESXi Servers

Let's Dive Into the Data

Ransomware jumps in Q2, with new gangs speeding to the forefront.

[Chart: malware activity against the quarterly average; total events and unique variants counters not rendered; total activity changed -0.51% quarter over quarter]

Malware

While total malware detections decreased slightly in Q2, ransomware jumped nearly 18%. Moreover, CL0P Ransomware Group increased its extortion publications by a staggering 65%, heavily exploiting the recently disclosed vulnerability in MOVEit Transfer.

[Chart: botnet activity against the quarterly average; total events and unique variants counters not rendered; total activity changed +0.76% quarter over quarter]

Botnets

Botnet activity remained relatively constant from Q1 to Q2 2023. Torpig Mebroot, a trojan known for its data-theft capabilities, maintained its top spot, followed by NetSupport RAT, Andromeda, FatalRAT and Mirai.

[Chart: exploit activity against the quarterly average; total events and unique variants counters not rendered; total activity changed -0.9% quarter over quarter]

Exploits

Exploit activity decreased overall; however, when examining specific exploits outside of brute forcing (which continues to dwarf all other exploit activity), we found that more than 25% of all exploit attempts involved a vulnerability in an Apache product. Given that Apache products are used by approximately 31% of all websites worldwide, patching Apache vulnerabilities should remain a top priority for security teams.
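The exploit-share figures above depend on the footnoted brute-force exclusion: brute-force signatures fire so often that, left in, they swamp every other category. The following is an added example (not Nuspire’s code or data) that reproduces the metric over a constructed set of IDS alert counts, so a team can run the same calculation on its own alerts. The signature names, hit counts and the crude “first word of the signature is the product family” bucketing are all assumptions for illustration.

```python
"""Share of exploit attempts by product family, with and without the
brute-force exclusion used in the report's headline figures.

All alert records below are constructed for illustration; signature names
are invented and do not correspond to any vendor's ruleset.
"""
from collections import Counter
from typing import Iterable, Tuple

# Constructed sample: (IDS signature name, number of hits in the quarter).
SAMPLE_ALERTS = [
    ("SSH Brute Force Login Attempt", 9000),
    ("RDP Brute Force Login Attempt", 4000),
    ("Apache Log4j JNDI RCE Attempt", 300),
    ("Apache HTTP Server Path Traversal Attempt", 120),
    ("Apache Struts OGNL RCE Attempt", 80),
    ("DoublePulsar SMB Backdoor Ping", 320),
    ("MOVEit Transfer SQL Injection Attempt", 500),
    ("Generic PHP Webshell Upload", 680),
]

# Substrings that mark a signature as brute forcing (assumption: real
# rulesets usually carry a category field you should use instead).
BRUTE_FORCE_MARKERS = ("brute force", "bruteforce", "password guessing")


def is_brute_force(signature: str) -> bool:
    """True if the signature name identifies a brute-force attempt."""
    sig = signature.lower()
    return any(marker in sig for marker in BRUTE_FORCE_MARKERS)


def product_family(signature: str) -> str:
    """Crude bucketing: the leading word of the signature ("Apache",
    "DoublePulsar", "MOVEit", ...). A real taxonomy would use the IDS
    vendor/product metadata rather than the rule title."""
    return signature.split()[0]


def exploit_shares(alerts: Iterable[Tuple[str, int]],
                   exclude_brute_force: bool = True) -> dict:
    """Return {family: percent of all counted exploit hits}, rounded to
    one decimal. With exclude_brute_force=True, brute-force signatures are
    dropped before the total is computed, as in the report's footnote."""
    counts = Counter()
    for signature, hits in alerts:
        if exclude_brute_force and is_brute_force(signature):
            continue
        counts[product_family(signature)] += hits
    total = sum(counts.values())
    if total == 0:
        return {}
    return {family: round(100.0 * n / total, 1) for family, n in counts.items()}


if __name__ == "__main__":
    for label, excl in (("excluding brute force", True),
                        ("including brute force", False)):
        print(label)
        for family, pct in sorted(exploit_shares(SAMPLE_ALERTS, excl).items(),
                                  key=lambda kv: -kv[1]):
            print(f"  {family:<14} {pct:5.1f}%")
```

On the constructed data the Apache family is 25.0% of exploit hits once brute forcing is excluded but only 3.3% with it included, which is why the footnote matters when comparing your own numbers to the report's.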

Stay Vigilant

While malware, botnet and exploit activity can ebb and flow, remember that it only takes one successful attack to damage your business. You can’t defend against what you can’t see, so it’s critical to have visibility into your environment and know who or what is out there that could harm you. Threat actors are always employing new or updated tactics, which means your security program needs to constantly adapt. Stay vigilant!