Exploit Activity Surges 150% in Q2 Thanks to Log4Shell

  • Detections of malware events, botnet activity and exploits all increased significantly in the second quarter of 2022, according to new data from Nuspire.

    The managed security services provider (MSSP) gathered the data from its endpoint detection and response (EDR) and managed detection and response (MDR) tools to produce its Q2 2022 Quarterly Threat Report.

    The company recorded an increase in malware events of over 25%, a doubling of botnet detections and a rise in exploit activity of 150% versus the first quarter.

    Botnet activity in particular surged towards the end of Q2, thanks to Torpig Mebroot, the report revealed. Torpig is a banking trojan that scrapes credit card and payment information from infected devices; Mebroot is the rootkit component that installs it by overwriting the machine's master boot record (MBR), so that it loads before the operating system and any security agent. Nuspire claimed that this MBR foothold is what makes the threat particularly difficult to detect and remove. Classic MBR bootkits of this kind depend on legacy BIOS boot; a UEFI system booting with Secure Boot does not execute MBR code at all.

    It attributed much of the surge in exploit activity to the persistent threat posed by Log4Shell (CVE-2021-44228) and the related Log4j bugs disclosed in December 2021.

    At the time, experts warned that the ubiquity of the logging library, combined with the difficulty many organizations have in locating every vulnerable copy of log4j-core (it is frequently pulled in as a transitive dependency or bundled inside another application's JAR, WAR or EAR), meant the flaw was likely to be exploited for years.
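
The "find every instance" problem described above is a practical one: a listing of files on disk misses log4j-core when it is nested inside a fat JAR or a Spring Boot archive. The following scanner is an added example, not code from the article or from Nuspire. It walks a directory, opens every archive, recurses into archives nested inside archives, flags any copy containing the JndiLookup class, and reads the Maven pom.properties to decide whether the version predates the fix. The fixed-version thresholds (2.3.2 for the Java 6 line, 2.12.4 for Java 7, 2.17.1 otherwise) are taken from Apache's Log4j security page and are an assumption of this example; the fixture it scans is constructed inline with dummy class bytes.

```python
import io
import os
import tempfile
import zipfile

# Presence of this class means the JNDI lookup (the Log4Shell sink) is on board.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped in log4j-core; shaded or relocated copies may lack it.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Fixed releases per branch, taken from Apache's Log4j security page
# (assumption of this example): 2.3.2 (Java 6 line), 2.12.4 (Java 7), else 2.17.1.
FIXED_BY_BRANCH = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_MAIN = (2, 17, 1)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0), the qualifier is dropped."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
        if len(digits) != len(piece):
            break  # a qualifier such as "-beta9" ends the numeric part
    return tuple((parts + [0, 0, 0])[:3])


def is_vulnerable_version(version):
    """True if a 2.x log4j-core at this version predates the fix for its branch."""
    if version[0] != 2:
        return False  # Log4j 1.x is unrelated to Log4Shell
    return version < FIXED_BY_BRANCH.get(version[:2], FIXED_MAIN)


def scan_archive(data, path, findings):
    """Record log4j-core copies in one archive, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = None
            if POM_PROPS in names:
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = parse_version(line.split("=", 1)[1])
            # No version metadata (shaded copy): treat as vulnerable until proven otherwise.
            findings.append({"path": path, "version": version,
                             "vulnerable": version is None or is_vulnerable_version(version)})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                scan_archive(zf.read(name), path + "!/" + name, findings)


def scan_directory(root):
    """Walk a directory tree and scan every archive in it; returns the findings list."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    scan_archive(fh.read(), full, findings)
    return findings


def build_fixture(root):
    """Constructed fixture (dummy class bytes): a fat JAR nesting log4j-core 2.14.1
    under BOOT-INF/lib, plus a stand-alone patched 2.17.1 copy for contrast."""
    def log4j_core(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
            z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=%s\n" % version)
        return buf.getvalue()

    with zipfile.ZipFile(os.path.join(root, "app.jar"), "w") as z:
        z.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")
        z.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", log4j_core("2.14.1"))
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(log4j_core("2.17.1"))


def run_demo():
    """Build the fixture in a temp dir, scan it and return the findings."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    build_fixture(root)
    return scan_directory(root)


if __name__ == "__main__":
    for f in run_demo():
        print("VULNERABLE" if f["vulnerable"] else "ok", f["version"], f["path"])
```

Running the script scans the constructed fixture and reports the nested 2.14.1 copy as vulnerable while passing the 2.17.1 copy; point scan_directory at a real application root to inventory it. Two caveats for real use: JndiLookup.class is still shipped in patched 2.17.x releases (JNDI is simply disabled by default), so the version check is what separates patched from unpatched, and a shaded copy that stripped pom.properties is reported as vulnerable on purpose because the version cannot be established. The scanner also does not look at exploded class directories, only archives.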

    There was one bright spot in the Nuspire report: VBA macro activity significantly decreased following Microsoft's announcement that Office would block macros in files downloaded from the internet by default. However, as separate research from Proofpoint showed in July 2022, threat actors had already adapted, shifting to container formats such as ISO, RAR and LNK files to deliver payloads without relying on macros.

    According to Nuspire, manufacturing was the most targeted sector in Q2 2022, with the LockBit ransomware gang and Dynamite Panda (APT18) the biggest threats to the industry.

    “Organizations continue to struggle to balance the need to protect against an onslaught of threats with the concurrent need for employees to properly manage digital sovereignty requirements,” argued Craig Robinson, IDC research vice president for security services.

    “This is why we’re seeing the market becoming more receptive to increasing and enhancing internal security training. This combined with tools like multi-factor authentication and endpoint detection, as well as services like MDR, can make all the difference to an organization’s security posture.”