How to defend your organization against the latest malware, botnets and security exploits

Though the fourth quarter of 2019 saw a decrease in malicious activity, threats such as the Emotet malware continued to thrive, says Nuspire.

Organizations received a type of holiday gift during the fourth quarter of 2019 as the volume of malware and other security threats declined. However, employees returning to work after the new year presented a fresh target for cybercriminals to launch their attacks.

In its Quarterly Threat Landscape Report, the security provider Nuspire discusses the threats that marked the final quarter of 2019 and offers advice on how organizations can defend themselves against these threats.


For last quarter, Nuspire detected 3.1 million different samples of malware. That level was a 22% drop in detections from the third quarter, but it still added up to 35,000 malware variants detected per day. Among these, the Emotet trojan was the top offender as attackers varied their delivery and social engineering tactics to keep users guessing.

In the fourth quarter, Nuspire caught 2.7 million botnets, a 19% decrease from the previous quarter but still totaling 30,000 infections per day. The Sora botnet was a force throughout 2019 until virtually ceasing activity by the end of the year. But Nuspire's data suggests that a new threat could spring up in 2020.

Next, 22 million security exploits were seen by Nuspire in the final quarter. Though that number was a 12% drop from the third quarter, it still added up to 255,000 detections per day. Of note was a remote code execution vulnerability discovered in the internet forum software vBulletin.

Also of impact was a rise in exploit attempts for IFS Remote Code Execution, which occurs with suspicious HTTP requests that use internal field separators.

"While we saw a reduction in known attacks in the fourth quarter, the frequency and severity of attacks will always fluctuate," Nuspire CEO Lewie Dunsworth said in a press release.

"However, the trend lines have always moved upwards," Dunsworth said. "As an industry, we must stay diligent and focused on understanding what threat actors pose the biggest threat to your business, how they will attack you, and what safeguards you have in place to detect and respond to malicious activity."

To help an organization better protect itself against malware, botnets, and security exploits, Nuspire offers the following recommendations:

  • Mitigate and detect malware. The best way to mitigate malware is through a layered security approach, which means favoring advanced antivirus detection over legacy tools. Legacy AV software works by detecting known pieces of malware for which a signature has been created. In contrast, advanced AV products help block malware not only by using signature-based methods but also by looking at heuristics and behavior. Layered security should also come with greater user awareness, since most threats are caused by internal mistakes. Ensure that your users are more aware of their own errors and know what to look for.
  • Mitigate and detect botnets. Botnet activity is typically detected after an infection has occurred. After it has infected a system, the botnet will try to communicate with a Command and Control (C2) server to install additional malware or receive commands. To mitigate and detect botnet activity, you need to leverage threat intelligence, which can play a vital role in identifying C2 communications with known malicious hosts. By using threat intelligence, you can empower devices that only see source and destination IP addresses. Correlating those addresses with a threat intelligence database to identify potential bad traffic adds an additional layer to your security defenses.
  • Mitigate and detect security exploits. Exploits discovered in consumer and business products can trigger a race against the clock both for customers and vendors. As vulnerabilities are disclosed, the user must mitigate the threat with patches or workarounds provided by the companies who develop these products. Beyond keeping your systems and applications up to date, using a firewall with IPS (Intrusion Prevention System) can alert you to attack signatures that might be targeting your environment.
  • Tighten other defenses. Cyberattacks are predictable in that they don't stop coming. Organizations can safely assume that if it's connected, it's a target, and attackers will exploit any and all weaknesses. To tighten your security, some of the most important things you can do are to change all default passwords, implement an advanced spam filtering solution to prevent email phishing attacks, place your devices behind a firewall, and stay on top of security releases and patches. Further, if you operate in the industrial sector, be sure to segment your network accordingly.
  • Train your users. Training your users and refreshing your cybersecurity policies are both a key part of any 2020 cybersecurity strategy. A more cyber-aware company culture forms a strong first line of defense and is more agile at preventing incidents.
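The botnet recommendation above comes down to correlating the source and destination addresses a device already logs against a threat-intelligence list of known C2 hosts. The following is an added example, not code from Nuspire or its report: it matches constructed firewall log lines against a constructed intel feed (documentation address ranges only, not real indicators) and flags repeated contact with the same flagged host, a pattern worth a closer look for beaconing.

```python
import ipaddress
import re
from collections import Counter

# Constructed threat-intel feed (documentation ranges, not real indicators); hosts or CIDRs map to a label.
THREAT_INTEL = {
    "203.0.113.45": "known-c2-host",
    "198.51.100.0/24": "known-c2-netblock",
}

# Constructed firewall log lines: the device only records source, destination and port.
SAMPLE_LOGS = [
    "2019-12-03T14:22:01Z src=10.0.0.15 dst=203.0.113.45 dport=443 proto=tcp",
    "2019-12-03T14:22:07Z src=10.0.0.15 dst=192.0.2.10 dport=443 proto=tcp",
    "2019-12-03T14:27:02Z src=10.0.0.15 dst=203.0.113.45 dport=443 proto=tcp",
    "2019-12-03T14:30:11Z src=10.0.0.22 dst=198.51.100.77 dport=8080 proto=tcp",
    "2019-12-03T14:31:45Z src=10.0.0.9 dst=192.0.2.1 dport=53 proto=udp",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def build_intel(feed):
    """Turn feed entries into ip_network objects so single hosts and netblocks match uniformly."""
    return [(ipaddress.ip_network(k, strict=False), v) for k, v in feed.items()]

def lookup(dst, intel):
    """Return the intel label covering dst, or None if no entry matches."""
    addr = ipaddress.ip_address(dst)
    for net, label in intel:
        if addr in net:
            return label
    return None

def correlate(log_lines, feed=THREAT_INTEL):
    """Match each log line's destination against the intel list; return alerts in log order."""
    intel = build_intel(feed)
    alerts = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # malformed line: skip it rather than stop the whole pipeline
        label = lookup(m["dst"], intel)
        if label:
            alerts.append({"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "label": label})
    return alerts

def repeat_contacts(alerts):
    """Count (src, dst) pairs flagged more than once: repeated contact with a C2 host suggests beaconing."""
    counts = Counter((a["src"], a["dst"]) for a in alerts)
    return {pair: n for pair, n in counts.items() if n > 1}
```

In production the feed would be loaded from a real threat-intelligence source and the logs streamed from the firewall or flow collector; the matching logic stays the same.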

"Unfortunately, 2020 will see the continued evolution of old, but tried and true, threats," Shawn Pope, senior security analyst for Nuspire, said in a press release. 

"Delivery will be through channels that look and seem safe but are vulnerable," Pope said. "Organizations need to be vigilant in continually reminding and educating employees of their role as the first line of defense." 

The data for this report was collected from thousands of devices used by Nuspire customers, totaling more than 83 billion traffic logs through the fourth quarter of 2019.
