Archive for Nuspire

Nuspire’s Q3 2024 Threat Report Shows 50% Spike in Exploit Attempts and Rise in Ransomware Extortion Activity

Posted in Commentary on October 29, 2024 by itnerd

Nuspire today released its Q3 2024 Cyber Threat Report, offering an in-depth analysis of cyber threats over the past quarter. Significant findings in the report include a surge in exploit attempts, a change in ransomware group dominance and shifting trends in dark web behavior.

According to the report, exploit activity increased by over 50%, driven by a sharp rise in attacks against VPN technologies. On the ransomware front, a power shift emerged as RansomHub dethroned LockBit as the top extortion publication group, signaling evolving tactics in the ransomware ecosystem.

Key insights from Nuspire’s Q3 2024 Cyber Threat Report include:

  • Exploit Activity:
    • A total of 16,964,624 exploitation events were detected in Q3, marking a 50.96% increase over Q2.
    • Over 60% of these attacks targeted unpatched or outdated systems, focusing on VPN vulnerabilities.
    • The Fortinet FortiOS SSL-VPN vulnerability (CVE-2022-42475) was the most exploited, with a significant uptick in attack attempts.
    • Exploits targeting remote work environments saw a 45% increase, further highlighting the risks posed by hybrid workforces.
  • Ransomware Trends:
    • RansomHub ransomware overtook LockBit as the leading ransomware group, with an 8.06% rise in ransomware publications.
    • Nearly 30% of all ransomware-related extortion in Q3 was attributed to RansomHub’s activity.
    • 40% of successful ransomware attacks were initiated through phishing or exploited vulnerabilities.
    • Smaller ransomware groups are adopting more agile tactics to evade law enforcement and detection.
  • Dark Web Listings:
    • Dark web activity decreased by 5.41% overall, but the Lumma Stealer infostealer saw a resurgence, with a 12% increase in listings.
    • Demand for compromised VPN and cloud service credentials surged, with listings for these credentials increasing by 15%.
    • High-value targets, particularly in healthcare, financial services and critical infrastructure, were prioritized in dark web transactions.

To access the complete Q3 2024 Cyber Threat Report, click here. 

Nuspire Unveils New Suite of Features, AI Powered Threat Remediation

Posted in Commentary on September 10, 2024 by itnerd

Nuspire has just begun rolling out a new suite of capabilities under the banner of the Nuspire Cybersecurity Experience. Chief among them is their new AI “assistant” – Nutron, which is capable of detecting the different threats and vulnerabilities in an organization’s network, providing step-by-step instructions for remediation and prioritizing them for the organization to address.

There’s a blog post on this news here, with specific information on Nutron here.

Nuspire’s Q2 2024 Threat Report Reveals Surge in Exploit Activity and Shifts in Ransomware Landscape

Posted in Commentary on July 30, 2024 by itnerd

Nuspire, a leading managed security services provider (MSSP), today released its Q2 2024 Cyber Threat Report. This latest report offers a comprehensive analysis of evolving cyber threats, highlighting a significant jump in exploit activity, shifts in ransomware operations and changes in dark web marketplace dynamics.

The Q2 2024 report indicates a 21.07% increase in exploit activity compared to Q1, underscoring the persistent and growing threat of vulnerability exploitation. Conversely, ransomware publications saw a 10.43% decrease, largely attributed to law enforcement actions against major ransomware groups. Dark web marketplace listings also experienced a 12.93% drop in overall activity, indicating potential shifts in cybercriminal tactics.

Additional findings from Nuspire’s newly-released cyber threat report:

  • Manufacturing Sector: For the second consecutive quarter, this sector remained the top target for ransomware attacks, underscoring its vulnerability due to the complexity of securing IT/OT systems and its critical role in supply chains.
  • Exploit Activity: A total of 14,273,495 exploitation events were detected, marking a 21.07% uptick from Q1. Key drivers included Web Server File Access attempts and attacks targeting the Log4j and Hikvision Camera vulnerabilities.
  • Ransomware Trends: While ransomware publications saw a 10.43% decrease, driven by law enforcement actions against groups like LockBit, Play Ransomware activity rose, stressing the fluid nature of the ransomware ecosystem.
  • Dark Web Listings: Despite an overall 12.93% decrease in dark web activity, there were substantial increases in specific listings:
    • Social Security Numbers: 113,295 listings, up 22.19%
    • Account Access: 21,168 listings, up 59.41%

To access the complete Q2 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.

Nuspire’s Q1 2024 Threat Report Is Out

Posted in Commentary on April 30, 2024 by itnerd

Nuspire today unveiled its Q1 2024 Cyber Threat Report. This latest report provides an in-depth examination of the changing dynamics in cyber threats, highlighting rises in ransomware, dark web commerce and exploit activities, alongside measures to safeguard against these threats.

The Q1 2024 report spotlights a 3.69% rise in ransomware activities from Q4 2023, punctuating the persistent threat ransomware groups pose. Additionally, dark web market activity saw a staggering 58.16% increase in listings, indicating significant growth in the trade of stolen data and illicit goods.

Exploitation events also experienced a sharp uptick, with a 52.61% increase in total activity from Q4. The report specifically points to the exploitation of the Hikvision Product SDK WebLanguage Tag Command Injection vulnerability (CVE-2021-36260) as a leading concern.

Additional findings from Nuspire’s newly-released cyber threat report:

  • Despite the U.S. Department of Justice’s disruption of LockBit’s operations on Feb. 20, 2024, the group’s extortion publications experienced only a temporary decline before rapidly recovering, resulting in a 1.74% increase in LockBit’s publications by the end of Q1 2024 compared to Q4 2023.
  • The manufacturing sector, crucial to supply chains and rich in intellectual property, faced a jump in ransomware attacks from LockBit and CL0P. The growth in attacks highlights the vulnerabilities this industry often faces resulting from complex IT/OT systems, underinvestment in cybersecurity and the sector’s historical prioritization of operational continuity over security measures.
  • The report also revealed a more than twentyfold increase in exploit attempts against the Hikvision Product SDK WebLanguage Tag Command Injection vulnerability (CVE-2021-36260) compared to Q4’s data. This vulnerability allows for remote device hijacking without user interaction on Hikvision security cameras.
  • Listings on dark web marketplaces featuring Lumma Stealer saw a significant increase, more than doubling from Q4 2023. Lumma Stealer emerged in 2023 and quickly became a leader in infostealing malware.

To access the Q1 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.

Nuspire Welcomes Chris Roberts as Their Chief Strategy Executive & Evangelist

Posted in Commentary on April 13, 2024 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced the addition of Chris Roberts as the Chief Strategy Executive & Evangelist. With a distinguished 30+ year career in cybersecurity, Chris Roberts has proven his invaluable capacity to connect with and engage technical teams, executives and clients across diverse industries.

Roberts’ role at Nuspire will encompass thought leadership, technical expertise to help guide the development of our services platform and strategic guidance to support the company’s continued growth. His expertise in transportation, supply chain and other critical sectors will bolster Nuspire’s commitment to delivering cutting-edge technical knowledge and industry insights, particularly as the industry navigates the complexities of artificial intelligence, adversarial and threat monitoring, and incident response.

Chris Roberts is set to be a prominent figure in Nuspire’s educational and thought leadership initiatives, including podcasts, fireside chats and global conferences. He is also co-hosting Nuspire’s upcoming LinkedIn Live series, “SOC It to Me,” a biweekly show where he decodes the latest cyber threat developments, provides his insights and has a few laughs along the way.

Nuspire Enhances Managed Security Offerings with Dark Web Monitoring Integration

Posted in Commentary on April 11, 2024 by itnerd

 Nuspire, a leading managed security services provider (MSSP), today announced that it has added Dark Web Monitoring to its portfolio of services and solutions. By integrating Dark Web Monitoring with Nuspire’s detection and response services, the new offering fortifies the existing managed security suite with a dual-layered defense strategy, effectively safeguarding client environments against both external intrusions and internal vulnerabilities.

Dark web intelligence is crucial for organizations aiming to detect and anticipate cybersecurity threats at their inception. This early detection is vital, as it occurs when threat actors are in the planning stages of their attacks. However, translating this raw intelligence into actionable strategies can be challenging because security teams often face hurdles such as a lack of context, time constraints and limited resources.

Nuspire’s Dark Web Monitoring service addresses these challenges by providing cybersecurity teams with actionable intelligence, enhancing both internal and external threat detection capabilities. This service not only identifies potential cyberattacks originating from the dark web, but also offers contextual analysis and recommended mitigation strategies.

The service works by scouring dark web marketplaces, forums, select threat actor communication channels, ransomware blackmail sites, credential exposure points and pastebins to locate compromised data from your organization. Dark Web Monitoring can integrate with any of Nuspire’s managed security services or can be used as a stand-alone service, and provides:

  • Continuous Dark Web Monitoring: Includes constant surveillance of the dark web to identify emerging threats.
  • Brand and Typo Squatting Monitoring: Continuously scans the internet for instances of brand impersonation and fraud intended to exploit customers, steal sensitive information or distribute malware. Includes option to add takedown services.
  • Data Breach Alert System: Promptly notifies organizations when their data is discovered on the dark web, enabling them to respond rapidly to potential security breaches.
  • Threat Analysis Reporting: Detailed reports offer insights into the nature and potential impact of threats detected on the dark web.
  • Customized Threat Intelligence: Provides threat intelligence specifically tailored to each organization’s unique needs.
  • Expert Alert Review: Cybersecurity experts analyze alerts to ensure they are accurate and relevant, helping to filter out false positives so organizations can focus on genuine threats.
  • Combine with Detection & Response Services: Nuspire experts handle the investigation and remediation directly in a client’s environment.

Learn more about Nuspire’s new Dark Web Monitoring service.

Botnets Evolve as Malware Increases and Exploits Skyrocket in 2023: Nuspire

Posted in Commentary on January 31, 2024 by itnerd

Nuspire today unveiled its Q4 and Full-Year 2023 Cyber Threat Report. The report provides an in-depth look at the latest trends in malware, botnets, exploits and ransomware, painting a comprehensive picture of the current state of cybersecurity threats. 

The report documents a 187% explosion in exploit activity for the year, buoyed by the widespread use of Secure Shell (SSH) brute forcing and a marked rise in the use of Web Server Password File Access. Botnet activity grew 25% year-over-year, with Torpig Mebroot comprising 56% of all botnet detections in 2023. Conversely, malware dropped 27% from 2022; however, ransomware extortion publications grew nearly 18%, with LockBit, CL0P, ALPHV and BlackBasta driving the most activity.  

Additional findings from Nuspire’s newly-released cyber threat report include: 

  • In Q4 alone, exploits increased by 132.91%. There was a significant shift in threat actor tactics, with a marked rise in the use of Web Server Password File Access, an information disclosure exploit. This exploit saw a steady increase each quarter of the year, culminating in a 133.21% increase since Q1. 
  • While malware decreased year-over-year, it saw a significant surge in Q4, increasing by 89%, with JavaScript phishing variants dominating the activity.  
  • Ransomware remained a critical threat throughout the year, with BlackBasta ransomware’s activity escalating by 353.66% in Q4, making it the second most active ransomware operator for the quarter, and the fourth most active for the year.  
  • Botnets saw a 25% year-over-year increase in activity, with Torpig Mebroot comprising 56% of all botnet detections in 2023. However, there was a noticeable uptick in the activity of other botnets like TorrentLocker, which quadrupled its activity in Q4. 

To access the Q4 and Full-Year 2023 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.  

Here’s Some Predictions From Appdome, Nuspire,

Posted in Commentary on December 21, 2023 by itnerd

Chris Roeckl, CPO, Appdome

Geo Compliance will become critical as regulators will take a more active role

In 2024, regulators will take a more active role in the mobile security landscape.

In Asia for example, the shared responsibility framework by the Monetary Authority of Singapore and the Infocomm Media Development Authority holds banks, fintechs and telcos to a higher standard to prevent mobile fraud. Hong Kong Monetary Authority (HKMA) also adopted a stronger stance against scams by mandating that banks implement several new measures including enhanced monitoring for suspicious transactions and additional customer authentication. Similarly in the Philippines, the Bangko Sentral ng Pilipinas (BSP) released Circular 1140 aimed at protecting consumers from fraudulent schemes and establishing greater confidence in utilizing digital payment methods.

The differing regulations and frameworks across the world create a complicated compliance process. As a result, geo-compliance will become critical for app makers who are looking to comply with the rules and regulations in force in every geography where their mobile apps are in use. Geo-Compliance has three elements to it: (1) easily create different security models for different countries, (2) easily demonstrate to the regulators that the security in the mobile app complies with the country- and industry-specific regulations and (3) actively prevent the use of a mobile app in certain geographies.

App makers will need to look for comprehensive mobile app defense solutions that can protect their consumers and mobile business against all different kinds of cyber threats, mobile fraud, and on-demand malware, both today and tomorrow.

Mike Pedrick, VP of Cybersecurity Consulting, Nuspire:

Business Disruption: Generative AI Outsmarting Users

In 2023, two cases captured national headlines regarding the use of generative AI to make work easier.  One case involved a lawyer who asked ChatGPT to compile a list of court decisions that might help win a run-of-the-mill personal injury case – not an unreasonable ask at first blush. However, despite the generative AI tool returning comprehensive cases that showed a clear and direct association with the relevant case – so much so that the attorney submitted them as fact – they were utterly fictitious.  

In what is an entertaining echo, the former lead defense attorney for musician Pras Michel used generative AI to build his closing argument. The result? The argument “made frivolous arguments, misapprehended the required elements, conflated the schemes and ignored critical weaknesses in the government’s case.”

The bottom line seems to be that despite the wild popularity of generative AI, it still is not a suitable replacement for human attorneys.

I predict that we’ll hear of other, similar instances of generative AI being used carelessly in 2024 and, most likely, several careers ending in the process.

Botnet Activity Surges in Q3 2023: Nuspire

Posted in Commentary on November 14, 2023 by itnerd

 Nuspire today announced the release of its Q3 2023 Cyber Threat Report. This comprehensive quarterly assessment delves into the constantly shifting threat landscape, revealing vital information about malware, botnets, exploits and ransomware.

Nuspire’s latest report highlights the stark realities of today’s cyber realm, where ransomware groups like ALPHV, 8Base and Akira employ increasingly advanced tactics, and botnets like Torpig Mebroot nearly double in activity. The report reveals an alarming surge in botnet activity, with a staggering 67.51% increase in Q3 2023. It also examines the top threat groups and techniques used to target the hospitality services industry.

Notable findings from Nuspire’s newly-released cyber threat report include:

  • An explosion in botnet activity of 67.51% can largely be attributed to Torpig Mebroot, clocking an increase in activity of nearly 93% over Q2 and accounting for more than 69% of all Q3 botnet activities.
  • An older botnet, TorrentLocker, re-emerged in Q3 as a favorite attack method, supplanting Q2’s FatalRAT botnet in Nuspire’s list of top five botnets. TorrentLocker is primarily delivered through phishing emails, enticing victims with unpaid invoices, undelivered packages, or fines.
  • Total malware detections decreased by 5.94%; however, ransomware maintained the high level of activity Nuspire witnessed in Q2.
  • Two new contenders joined the list of most active ransomware families for Q3: 8Base and Akira.

Access Nuspire’s Q3 2023 Cyber Threat Report to view the data and learn key mitigation strategies for protecting your organization’s environment.

Ransomware Takes Center Stage in Q2 2023: Nuspire

Posted in Commentary on August 22, 2023 by itnerd

 Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2023 Cyber Threat Report. The quarterly report provides a comprehensive analysis of the threat landscape, examining threat data encompassing malware, botnets and exploits, as well as specific tactics, techniques and procedures (TTPs) organizations should watch out for. 

Nuspire’s latest report reveals a surge in ransomware activity, with a staggering 65% increase in activity from a newer entrant to the list of top ransomware groups: CL0P. A deep dive into the financial industry showed a 43% increase in ransomware extortions.  

Notable findings from Nuspire’s newly-released cyber threat report include: 

  • Total ransomware extortion publications increased by nearly 18%.
  • Apache vulnerabilities comprise 25% of exploits. Apache Software can be found in approximately 31% of all global websites, making this finding particularly concerning. 
  • Botnets grew approximately 16% in Q2, with Torpig Mebroot, a trojan renowned for its data-theft capabilities, maintaining its position as the top botnet detected.

Access Nuspire’s Q2 2023 Cyber Threat Report here to view the data and learn key mitigation strategies for protecting your organization’s environment.