Rapid7 Quarterly Threat Report: 2018 Q3

Share and earn Cybytes
Facebook Twitter LinkedIn Email

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems. We’ve included a handful of Q3 highlights below, but read the full report to learn more, and be sure to watch our webcast on-demand to hear directly from researchers what these trends mean for 2018.

Adversaries on vacation:

Summertime generally means vacation time, and as a result there’s a definite slowdown in threat events involving user interaction. We’ll watch for a return to “normal” in Q4.

Detected Emotet/Hedeo use:

We saw Emotet/Hedeo campaign usage in 70% of malware-oriented incidents in September across many industries, including healthcare, real estate, and construction. The entry point? Malicious spam or phishing emails.

Memcached resurgance:

There was a continued threat of memcached being used in amplification attacks, including from a single node in Indonesia IPv4-space, along with Mirai letting us know “it’s not dead yet.”

Read the full report here.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Rapid7
Rapid7 (NASDAQ:RPD) powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.
Promoted Content
30-Day Trial: UBA-Powered SIEM with Rapid7's InsightIDR
Rapid7 InsightIDR delivers trust and confidence: you can trust that any suspicious behavior is being detected, and have confidence that with the full context, you can quickly remediate. From working hand-in-hand with security teams, we understand how painful it is to triage, false-positive, vague alerts and jump between siloed tools, each monitoring a bit of the network. InsightIDR combines SIEM, UBA, and EDR capabilities to unify your existing network & security stack. By correlating the millions of events your organization generates daily to the exact users and assets behind them, you can reliably detect attacks and expose risky behavior - all in real-time.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?