Interactive Report Summary
Q2 2023 Cyber Threat Report
Q2 2023’s report highlights four pivotal aspects: malware, botnet activity, exploit attempts and a special focus on the financial industry. An alarming finding was the surge in ransomware, with CL0P Ransomware increasing its extortions by 65% over Q1 2023. Learn more about the most significant threats we saw, plus get a look into the technology industry’s threat landscape in our latest report.
Download the full report Top Findings at a Glance
Industry Spotlight: Financial Services
The financial industry is one of the most popular targets for cybercriminals worldwide. The allure of vast wealth, sensitive data and the intricate web of global transactions make it a prime target for nefarious activities. Unsurprisingly, 95% of financial service breaches were financially motivated, according to Verizon’s 2023 Data Breach Investigations Report.
One of the top threats against the financial industry is ransomware attacks. Between Q1 and Q2 of this year, Nuspire clocked a 43% increase in ransomware extortions against financial institutions.
Top financial industry threat actors include CL0P Ransomware, Lazarus Group, Cozy Bear, Deep Panda and Skeleton Spider.
Methodology
How Nuspire produces its threat intelligence
Hover over tiles to learn more
April through June
Q2 2023 in Review
Q2 2023 was punctuated by the MOVEit Transfer vulnerability, which impacted hundreds of organizations and millions of people.
April
4.12
Microsoft, Fortinet, HashiCorp and Other Vendors’ April Patches Address Critical and High-Level Vulnerabilities
4.19
Critical RCE Vulnerability Affecting PaperCut Software
4.21
VMware Patches Critical vRealize Vulnerability
May
5.10
Microsoft’s May 2023 Patch Tuesday Addresses 3 Zero-Days And 6 Critical Vulnerabilities
5.18
CISA Warns of BianLian Ransomware Shifting Focus to Pure Data Extortion
5.22
Vulnerability Revealing Master Password Discovered in KeePass Password Manager
5.25
GitLab Patches Maximum Severity Vulnerability
5.31
Barracuda Patches Zero-Day in Email Security Gateways (ESG)
June
6.1
Active Exploitation of MOVEit Transfer Due to Zero-Day Vulnerability
6.13
New Critical SSL-VPN Vulnerability Receives Patch from FortiGate
6.16
MOVEit Discloses Second Critical SQL Injection Vulnerability
6.20
Critical Pre-Authentication Command Injection Vulnerability in Patched Zyxel Storage Devices
6.21
VMware Discloses Active Exploitation of Critical Vulnerability in vRealize
6.29
Linux Version of Akira Ransomware Targets VMware ESXi Servers
Activity
Average
0
Total Events
0
Unique Variants
-0.51%
Total Activity
Malware
Detection, Q2 2023Across Nuspire-managed and monitored devices, there was a decrease of 45.51% in total malware activity compared to Q1 2023
How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multiprong approach including endpoint protection platforms and cyber awareness training.
Malware
While we saw a decrease in total malware detections in Q2, ransomware jumped nearly 18%. Moreover, CL0P Ransomware Group increased its extortion publications by a staggering 65%, heavily using the recently announced vulnerability against MOVEit Transfer software.
Activity
Average
0
Total Events
0
Unique Variants
0.76%
Total Activity
Botnets
Detection, Q2 2023Nuspire saw an increase of nearly 16% in botnet activity.
How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.
Botnets
Botnet activity remained relatively constant from Q1 to Q2 2023. Torpig Mebroot, a trojan renowned for its data-theft capabilities, maintained its top spot, followed by NetSupport RAT, Andromeda, FatalRAT and Mirai.
Activity
Average
0
Total Events
0
Unique Variants
-0.9%
Total Activity
Exploits
Detection, Q2 2023Exploit activity dropped 52.9%
How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.
Exploits
Exploits saw a marked decrease in activity; however, when examining specific exploits outside of brute forcing (which continues to dwarf all other botnet activity), we found that more than 25% of all exploit attempts involve an Apache product vulnerability. Given that Apache products are used with approximately 31% of all global websites, this vulnerability should continue to be a top priority for security teams.
Stay Vigilant
While malware, botnet and exploit activity can ebb and flow, remember that it only takes one successful attack to damage your business. You can’t defend against what you can’t see, so it’s critical to have visibility into your environment and know who or what is out there that could harm you. Threat actors are always employing new or updated tactics, which means your security program needs to constantly adapt. Stay vigilant!
Download the Full Report