Quarterly Threat Report: 2018 Q3

User interaction, poisoned packets, and Emotet

Executive Summary

Rapid7 Threat Report: 2018 Q3

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems. We've included a handful of Q3 highlights below, but read the full report to learn more, and be sure to register for our webcast (November 15, 2:00 p.m. ET/11:00 a.m. PT) to hear directly from researchers what these trends mean for 2018.

Adversaries on vacation:
Summertime generally means vacation time, and as a result there’s a definite slowdown in threat events involving user interaction. We'll watch for a return to "normal" in Q4.

Detected Emotet/Hedeo use:
We saw Emotet/Hedeo campaign usage in 70% of malware-oriented incidents in September across many industries, including healthcare, real estate, and construction. The entry point? Malicious spam or phishing emails.

Memcached resurgance:
There was a continued threat of memcached being used in amplification attacks, including from a single node in Indonesia IPv4-space, along with Mirai letting us know “it’s not dead yet.”

Incident Frequency by Organization Size

Read the Quarterly Threat Report: 2018 Q3

View Now

Free Trial: Threat Detection and Response

Rapid7 InsightIDR leverages attacker analytics to detect intruder activity earlier in the attack chain, cutting down false positives and days’ worth of work for security professionals. It hunts for actions indicative of compromised credentials, spots lateral movement across assets, detects malware, and sets traps for intruders.

Try InsightIDR
Free Trial: Vulnerability Management

Utilizing the power of Rapid7’s Insight platform and the heritage of our award-winning Nexpose product, InsightVM—our vulnerability assessment solution—provides a fully available, scalable, and efficient way to collect your vulnerability data, turn it into answers, and minimize your risk in modern environments.

Try InsightVM