CIO Influence
CIO Influence News Security

Security Experts Discover A 1,500%+ Increase In Attacks Against VPN Due To Remote Work

Security Experts Discover A 1,500%+ Increase In Attacks Against VPN Due To Remote Work

Nuspire’s Threat Report Provides Data and Insight into Malware, Exploit and Botnet Activity Throughout Q1 of 2021

Nuspire, a leading managed security services provider (MSSP), announced the release of its 2021 Q1 Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

Recommended ITech News: Most Enterprises are Using Three or More Clouds According to Strata Identity Survey

“As companies return to a hybrid workplace, it’s crucial that they are aware of the evolving threat landscape,” said Craig Robinson, Program Director, Security Services at IDC. “The data highlighted in this threat report by Nuspire and Recorded Future shows that security leaders need to stay vigilant as threat actors see opportunity in the continued era of remote access.”

In Q1 2021, Nuspire witnessed a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.

“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, Nuspire Chief Security Officer. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing

Recommended ITech News: Sherweb Partners With LogMeIn, Adds LastPass to Its Expanding Cloud Marketplace

Because of the significant increase in VPN and RDP vulnerabilities, Nuspire’s threat report discovers malware, botnet and exploitation activity are down compared to Q4, but threat actors are still on the prowl. Additional notable findings from Nuspire’s 2021 Q1 Threat Landscape Report include:

  • Emotet botnet activity dropped -99.96% after the announcement of Law Enforcement seizing their infrastructure. This is likely attributed to the shutdown of the command-and-control infrastructure through a global initiative as announced by Europol during Q1. This collaborative effort by the United States, Netherlands, Germany, United Kingdom, France, Lithuania, Canada and Ukraine allowed law enforcement to seize Emotet servers and shut them down.
  • ZeroAccess Botnet activity surged during one week by 619,460% before trailing down into end of the quarter. ZeroAccess has come and gone over many Nuspire threat reports and will usually appear with massive bursts of activity before going quiet, sometimes for months before re-emerging again. This could be due to retooling/theming of malware associated with ZeroAccess.
  • SMB Login Brute Force attempts contained 69.73% of all exploit activity witnessed in Q1. Similar to the observed activity in Q4, these attacks came in a very active “wave” near the end of the quarter. The amount of activity pushed this exploit to the top witnessed exploit attempt. This is a trend that we can expect to continue. Organizations should be aware of their exposed services and ensure mitigations are in place to prevent these types of attacks.

Recommended ITech News:  Checkmarx Appoints Roman Tuma as Chief Revenue Officer

Related posts

Blue Ridge Communications Announces the Beginning of a Complete Fiber-to-the-Home (FTTH) Rebuild of Its DOCSIS 3.1 Cable Systems Serving Rural Pennsylvanians

Digitate Boosts AWS Collaboration with Tech Integration and Key Customer Wins

Business Wire

Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency

CIO Influence News Desk