Botnet and Exploit Activity Goes Up as Cybercriminals Shift Focus, Report Shows

  • Botnet activity is on the rise in Q2 2020
  • Threat actors no longer interested in COVID-19 themes
  • ZeroAccess botnet responsible for much of the current activity

Threat actors have changed their attack vectors and other tactics, techniques and procedures (TTPs), shifting from COVID-19 themes to more timely subjects like the Black Lives Matter movement and the upcoming US election, according to a new report.

When the pandemic hit in full-force, cybercriminals immediately deployed malware, phishing and other types of attacks inspired by the COVID-19 outbreak. The report from Nuspire shows that threat actors are modifying their strategies and adopting new media themes.

Of course, one catalyst for change was the shift to remote work, and cybercriminals were quick to target people working from home. Now that, too, is changing, with attackers increasingly looking for ways to move from a compromised home device into the corporate network behind it. The poor security of home networks, protected by old and unpatched routers, makes them a perfect target for hackers, and corporate security teams can do little about this obvious threat.

“Nuspire observed an increase in both botnet and exploit activity over the course of Q2 2020 by 29% and 13% respectively—that’s more than 17,000 botnet and 187,000 exploit attacks a day,” says the report. “While attackers targeted remote work technology at the source to obtain access to the enterprise in Q1 2020, Nuspire observed a shift in tactics to leverage botnets to obtain a foothold in the network.”

The report has a silver lining, as Nuspire recorded only 1,597,858 malware events, registering a 12 percent decrease from Q1 2020. Unfortunately, the drop is only a representation of the attackers’ change of focus, as events from other threat vectors increased.

Most of the increase in botnet activity can be attributed to ZeroAccess, as it registered a 733% increase in usage. Its resurgence is a bit surprising because ZeroAccess started its activity more than a decade ago and seemed to have died down in 2013. Modified ZeroAccess versions are now activated and put into circulation once more.

On the side of exploits, attackers had extra incentive to try out their tools on people working from home, as their devices are rarely up to date. Exploits such as DoublePulsar and Shellshock continue to lead the pack.

As usual, the best mitigation for many of these issues is user training. Of course, having up-to-date devices and operating systems is also a must, along with the implementation of a security solution that is capable of dealing with threats stemming from inside a network.