Interactive Report Summary

Q3 2021 Threat Report

Botnet and exploitation activity saw significant spikes while malware and ransomware decreased compared to Q2 2021.
Download the Report

Top Findings at a Glance

MALWARE

VGA agents continue to dominate

Trojan, HTML Phishing & JavaSCript

BOTNET

ZeroAcess botnet has seen a resurgent

40 unique botnets detected

EXPLOIT

Brute force attacks like NetBIos increased

421,259 Exploits detected per day

Nuspire Culture - Nuspire team in 24/7 SOC room

While ransomware saw an 18.55% decrease in Q3, we expect to see it surge again during the holiday season.

Nuspire team witnessed dangerous vulnerabilities targeting Microsoft Exchange servers: ProxyShell and ProxyLogon.

Methodology

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q3 2021 in Review

July through September

Timeline graphic

July 14, 2021

CISA Issues EmergencyDirective on Microsoft WindowsPrint Spooler Vulnerability

July 15, 2021

Qlocker Ransomware Targets QNAP devices Via 7-Zip Archives

July 21, 2021

Windows ‘HiveNightmare’ Vulnerability Announced Allowing Privilege Escalation

August 23, 2021

CISA Releases Advisory on Active Exploitation of ProxyShell Vulnerabilities

September 9, 2021

Microsoft Releases Multiple Out of Cycle Patches and Updated Vulnerability Disclosures

September 21, 2021

CISA Releases Advisory Regarding NETGEAR RCE Vulnerability

Let's Dive Into the Data

#
Activity
Average
0

Total Events

0

Unique Variants

-0.37%

Total Activity

Malware

Detection, Q3 2021

Across Nuspire managed and monitored devices, there was a decrease in total malware activity compared to Q2.

How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multiprong approach including endpoint protection platforms and cyber awareness training.

Malware

As previously witnessed, VBA Agents continue to dominate malware activity, as these are commonly deployed in phishing malspam campaigns and act as an initial loader for other malware families.

#
Activity
Average
0

Total Events

0

Unique Variants

0.61%

Total Activity

Botnets

Detection, Q3 2021

The increase in botnets can likely be attributed to Q2 2021 being one of the least active quarters we’ve seen.

How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.

Botnets

As predicted in Q2, ZeroAccess Botnet has resurged. While the botnets themselves are not new, XorDDOS and BadRabbit are two new additions.

#
Activity
Average
0

Total Events

0

Unique Variants

0.67%

Total Activity

Exploits

Detection, Q3 2021

Exploit activity increased when compared to Q2 data, and threat actors focused on targeting perimeter devices.

Exploits

When reviewing exploit attempts against protocols, NetBIOS was the most attempted protocol again as seen in previous quarters, followed by SSH.

How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.

Stay Vigilant

Unfortunately, there is more in store in the cybersecurity threat scape for 2021. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.
Download the Report