Security Experts Discover Significant Increase in Emotet Activity in Q4 2021

67
Security Experts Discover Significant Increase in Emotet Activity in Q4 2021-01

 Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q4 2021 and Year in Review Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

Earlier in 2021 Emotet, one of the most dangerous botnets in the world, was taken down by global law enforcement, which was then followed by a significant drop in Emotet activity. However, in Q4 of 2021, Nuspire security experts witnessed Emotet’s return with the month of December showing activity steadily increasing throughout the month. This increase in activity is due to Emotet rebuilding using TrickBot’s existing infrastructure to grow. This activity will likely continue to increase into 2022.

Also Read: Cloud Misconfigurations Can Scar Brand Reputation

“Although overall activity in 2021 compared to 2020 was on an overall decrease, major events such as Log4j and the return of Emotet dominated Q4,” said JR Cunningham, Chief Security Officer at Nuspire. “The return of Emotet discovered in the threat report is a reminder that organizations must never rest on their laurels even when there is a decrease in activity.  Old attacks have a habit of coming back.”

Additional notable findings from Nuspire’s Q4 2021 and Year in Review Threat Report include:

  • With even only roughly 21 days in the last month of Q4, exploit attempts against the newly discovered Log4j vulnerability pushed it into 5th place on the most observed exploit attempt list for Q4
  • Compared against 2020, we saw an overall decrease in activity in 2021. 9.25% decrease in Malware Activity, 24.83% decrease in Botnet Activity, and 13.93% decrease in Exploit Activity
  • XorDDOS was one of the most active botnets Nuspire witnessed within Q3, but prior to that, it was generally quiet compared to others we normally see. It appears that in the beginning of Q4, this botnet has gone back into hibernation, with all activity ceasing by the end of October.

For more such updates follow us on Google News ITsecuritywire News.