Cyberattackers Took a Holiday in Preparation for 2020


Nuspire, a leading Managed Security Services Provider (MSSP), today announced the release of its latest Quarterly Threat Landscape Report, which dives deep into top botnet, malware and exploit activity throughout 2019, zeroing in on the fourth quarter.

Attackers know that humans are still the weakest link. Across the board, malicious cyber-activity was down partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity. However, this decrease in activity also tracks to the heightened malicious activity Nuspire researchers saw at the beginning of 2019. Targeting employees returning to the office and digging through emails received over the holidays is a prime opportunity to strike.

“While we saw a reduction in known attacks in the 4th quarter, the frequency and severity of attacks will always fluctuate. However, the trend lines have always moved upwards. As an industry, we must stay diligent and focused on understanding what threat actors pose the biggest threat to your business, how they will attack you and what safeguards you have in place to detect and respond to malicious activity. We simply can’t afford to let our guard down,” said Lewie Dunsworth, CEO of Nuspire. “Year over year, adversaries have demonstrated their ability to evolve and increase the sophistication of their attacks doing more harm, faster than ever. While organizations must continually refresh cybersecurity policies, stress hygiene best practices, and practice effective change management, it’s critical to have trusted partners that you can lean on to assist with both the response and remediation efforts.”

The decrease in botnet (22%), malware (19%) and exploit activity (12%) also suggests that cyberattackers are retooling their methodologies to change tactics and techniques for 2020, as evidenced by other notable findings in the report, including:

  • Sora, a variant of the notorious Mirai IoT botnet, despite almost completely ceasing activity by the end of the year, continues to reign supreme as the most prevalent botnet, followed by Andromeda, Necurs and Conficker.
  • njRAT detection increased by 89% from August to early October 2019 following the release of a new version.
  • Increased government attention and increased frequency of ransomware malspam campaigns as a delivery method this quarter correlated with the spike in malware detection in early Q4 2019.
  • A significant increase in exploit attempts for IFS Remote Code Execution reinforced the point that attackers recycle older attack methods to catch enterprises when they least expect it.
  • Visual Basic for Applications (VBA) scripts remained prevalent throughout Q4 and the entirety of 2019, dropping by a mere 5% in detections in Q4. These VBA scripts are embedded in malicious documents and perform malicious actions when executed.


“Unfortunately, 2020 will see the continued evolution of old, but tried and true, threats. Delivery will be through channels that look and seem safe but are vulnerable,” said Shawn Pope, Senior Security Analyst of Nuspire. “Organizations need to be vigilant in continually reminding and educating employees of their role as the first line of defense.”

Nuspire’s Quarterly Threat Report aggregates, correlates and analyzes threats detected from October 2019 to December 2019. Data is gathered from thousands of devices at Nuspire customer sites from across the globe. This equates to more than 83 billion traffic logs through the fourth quarter of 2019 across enterprise and mid-market organizations.

Download the complete report here.

About Nuspire

Nuspire, a leading Managed Security Services Provider (MSSP), is revolutionizing the cybersecurity experience by taking a people-first approach to cybersecurity solutions. Nuspire’s award-winning product portfolio serves thousands of enterprises of all sizes across multiple industries, delivering the greatest risk reduction per cyber-dollar spent. Nuspire’s 24×7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combine award-winning threat detection and response technology with human intelligence, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise, franchise and industrial market. For more information, visit http://www.nuspire.com and follow @Nuspire.
