- Nuspire stated that malware events increased by over 25%, botnets doubled over the first quarter, and exploit activity grew by nearly 150%.
- The increase in botnet activity was attributed to Torpig Mebroot botnet, which is a banking trojan that aims to steal payment information.
- According to the report, the LockBit ransomware gang and Dynamite Panda are the most prevalent threats to the manufacturing industry.
Managed security services provider, Nuspire announced the release of its Q2 2022 Quarterly Threat Report which outlines new cybercriminal activity and tactics, techniques, and procedures. The report pinpoints an increase in threat activity, especially across malware, botnet, and exploits. Nuspire stated that remote working played an important role in the escalation.
25% increase in malware events
Nuspire’s report showed that in the second quarter, malware events increased by more than 25%. Also, botnets doubled over, and exploit activity grew by nearly 150%, increased by the Log4j vulnerability. Nuspire’s report can be downloaded from its official website. Additional notable findings from Nuspire’s Q2 2022 Quarterly Threat Report include:
- VBA agent activity, which has been one of the top offenders over the past year in Nuspire’s Quarterly Threat Reports, has significantly decreased as predicted last quarter, due to Microsoft’s announcement of blocking them by default.
- A substantial increase in botnet activity near the end of Q2 was attributed to Torpig Mebroot botnet, which is a banking trojan designed to scrape and collect credit card and payment information from infected devices. Torpig Mebroot is particularly difficult to detect and remove, as it infects the victim machine’s master boot record.
- Manufacturing is the world’s most attacked industry vertical. Our data shows the LockBit ransomware gang and Dynamite Panda (APT18) as two of the most prevalent threats to the manufacturing industry in the second quarter.

JR Cunningham, Chief Security Officer of Nuspire said,
« We witnessed a stunning escalation in threat activity in Q2, and while it’s not a surprise given increased attack opportunities like remote work, it’s still a worrying development and one we cannot ignore. Attackers have always looked for the easiest way to profit from their targets, and because basic attacks like phishing continue to work, it’s clear organizations need to shore up their fundamental security practices like patching and user awareness training. It’s also critical organizations conduct regular reviews of their security programs to safeguard against a nonstop flow of potentially serious disruptive threats. »