Old botnets make a comeback

Bot net

Several older botnets have seen a resurgence in activity in the first quarter of 2022, including Mirai, STRRAT and Emotet, according to the latest threat report from Nuspire.

Mirai, known for co-opting IoT devices to launch DDoS attacks and first seen in 2016, showed a spike in activity in February of this year. This corresponded with the discovery of Spring4Shell, a zero-day attack on popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

STRATT botnet, which engages in information stealing, keystroke logging, and credential harvesting from browsers and email clients, also spiked in February. This data corresponds with recent announcements identifying a new STRRAT phishing campaign. STRAAT was first seen in 2021.

Overall the quarter saw a 12.21 percent increase in botnet activity. Over the same period malware increased by 4.76 percent and exploit activity by 3.87 percent compared to the final quarter of 2021.

“With Q4 2021 being a quieter quarter for cyberattacks, we predicted Q1 2022 would see a rebound, and our data proves that out,” says J.R. Cunningham, chief security officer at Nuspire. “As zero-day attacks and numerous other vulnerabilities among big-name companies like Google and Microsoft come to light, threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and well-understood attacks still persists. It’s critical businesses of all sizes understand the costliness of these attacks and fortify their security posture accordingly.”

Elsewhere Visual Basic Application (VBA) trojans continue to be the top malware variant, comprising nearly 30 percent of all malware variants. Interestingly activity spiked just prior to Microsoft’s announcement of plans to block VBA macros by default on Office products.

Brute force attacks — when threat actors guess different combinations of potential passwords until the correct password is discovered — are by far the most popular exploit at 61 percent.

You can get the full report on the Nuspire site and there will be a webinar to discuss the findings on May 12 at 2pm ET.

Photo credit: Gunnar Assmy / Shutterstock

Author: Martha Meyer