Η Check Point Research, the Threat Intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the world's leading provider of cybersecurity solutions, published the Global Threat Index for the month September 2021.
ΟResearchers report that while the Trickbot remains at the top of the list of the most common malware, affecting it 5% of organisms worldwide, the recently reborn Emotet returns to seventh place on the list. THE CPR also reveals that the industry that receives the most attacks is its own Education / Research.
Despite significant efforts by Europol and several other law enforcement agencies earlier this year to repression of Emotet, the infamous botnet was confirmed to be back in action in November and is already the seventh most commonly used malware. Trickbot tops the list for the sixth time this month and is even involved with the new Emotet variant, which installs on infected computers using the Trickbot infrastructure.
The Emotet spreads through phishing emails containing infected files Word, Excel and Zip, which develop the Emotet on the victim's computer. The emails contain interesting headlines such as breaking news, invoices and fake corporate notes to entice victims to open them. More recently, Emotet has also begun to spread through malicious packages of Windows App Installer fake Adobe software.
The fact that it uses its infrastructure Trickbot means it shortens the time it would take to gain a fairly significant networking support around the world. As it spreads through phishing emails with malicious attachments, it is vital that both awareness and training of users be at the top of organizations's list of cyber security priorities.
And anyone who wants to download software Adobe should remember, as with any application, to do so only through official means., she said Maya Horowitz, VP Research at Check Point Software.
CPR also revealed that the education / research sector is the one with the most attacks worldwide in November, followed by government / military communications. The "Web Servers Malicious URL Directory TraversalIs still the most commonly exploited vulnerability, affecting it 44% organizations worldwide, followed by the “Web Server Exposed Git Repository Information Disclosure”Which affects the 43,7% of organizations worldwide. THE "HTTP Headers Remote Code ExecutionRemains third on the list of most frequently exploited vulnerabilities, with a global impact 42%.
Top malware families
* The arrows refer to the change of the ranking in relation to the previous month.
This month, the Trickbot is the most popular malware that affects the 5% of organizations worldwide, followed by agent tesla and Formbook, both with a global impact 4%.
- ↔ Trickbot - The Trickbot it is a modular Botnet and Banking Trojan which is constantly updated with new features, characteristics and distribution channels. This allows it to be flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
- ↑ Agent Tesla - The agent tesla is an advanced one RAT that works as keylogger and an interceptor capable of tracking and collecting victim's keyboard, system keypad, screenshots, and credentials on various software installed on the machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
- ↑ Formbook - The Formbook it is a InfoStealer collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files according to commands DC.
Leading attacks in industries worldwide:
This month, the Education / Research is the industry with the most attacks in the world, followed by Communicationand Government / Army.
- Education / Research
- Communications
- Government / Army
The most exploitable vulnerabilities
This month, the " Web Servers Malicious URL Directory Traversal”Is still the most commonly exploited vulnerability, affecting it 44% of organizations worldwide, followed by the " Web Server Exposed Git Repository Information Disclosure ", Which affects the 43,7% of organizations worldwide. THE " HTTP Headers Remote Code ExecutionRemains third on the list of vulnerabilities with the most farms, with a global impact 42%.
- ↔ Website Servers Malicious URL Directory traverse (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-8260) - There is a vulnerability in directory crossing on various web servers. The vulnerability is due to an entry validation error on a web server that does not properly clear the URL for directory crossing patterns. Successful exploitation allows unauthorized remote attackers to detect or gain access to arbitrary files on the vulnerable server.
- ↔ Website Server & Hosting Exposed Go Repository Information Disclosure - A security breach has been reported for information disclosure in the Git Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.
- ↔ HTTP Headers Remote -- Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) HTTP headers allow the client and server to transfer additional information with an HTTP request. A remote intruder can use a vulnerable HTTP header to execute arbitrary code on the victim's machine.
Top Mobile Malwares
In September xHelper remained at the forefront of the most prevalent mobile malware, followed by AlienBot and flubot.
1. xHelper - A malicious application that first appeared in March 2019 and is used to download other malicious applications and display ads. The application can be hidden from the user and can even be reinstalled if it is removed.
2. AlienBot - The malware family AlienBot is one Malware-as-a-Service (MaaS) for Android devices that allow a remote intruder to initially enter malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
3. flubot - The FluBot is an Android malware distributed via messaging (SMS) e-fishing (Phishing) and usually impersonates transport logistics companies. As soon as the user clicks on the link in the message, FluBot is installed and accesses all the sensitive information on the phone.
The top 10 in Greece |
|||
| Malware name | Global Impact | Impact on Greece | |
| agent Tesla | 2.59% | 8.93% | |
| Formbook | 3.14% | 8.33% | |
| Trickbot | 4.09% | 5.36% | |
| Remcos | 2.20% | 4.76% | |
| Nanocore | 0.88% | 3.87% | |
| Vidar | 0.97% | 2.98% | |
| Glupteba | 2.41% | 2.68% | |
| Joker | 0.08% | 2.38% | |
| Lovgate | 0.33% | 2.38% | |
| Masslogger | 0.13% | 2.38% | |
Malware families in detail
agent Tesla
The agent Tesla is an advanced one RAT (Remote Access Trojan) which acts as a keylogger and password thief. Active since 2014, the agent Tesla can monitor and collect the victim's keyboard and draft system, and can capture screenshots and extract credentials entered for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). The agent Tesla sold openly as a legal RAT with customers paying $ 15 - $ 69 for licenses.
FormBook
The FormBook it is a InfoStealer targeting their operating system Windows and 2016 was first detected. Advertised on hacking forums as a tool with powerful avoidance techniques and relatively low prices. The FormBook collects credentials from various web browsers and screenshots, monitors and records keyboards and can download and execute files according to instructions C & C given to him.
Trickbot
The Trickbot is a modular Botnet and Banking Trojan that targets Windows platforms and is mainly transmitted via spam or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute modules arbitrarily from a wide range available, such as a VNC module for remote use or an SMB module for deployment within an affected network. Once a machine is infected, the intruders behind the Trickbot malware use this wide range of modules not only to steal bank credentials from the target computer, but also for lateral movement and identification within the organization itself, before a targeted attack. ransomware throughout the company.
Remcos
The Remcos is a RAT that first appeared in 2016. Remcos is distributed through malicious Microsoft Office documents that are attached to SPAM emails and is designed to bypass Microsoft Windowss UAC security and run malicious software with high privileges.
NanoCore
The NanoCore is a remote access Trojan, first observed in nature in 2013 and targeting users of the Windows operating system. All versions of RAT have basic add-ons and features such as screen capture, cryptocurrency mining, remote desktop control and webcam session theft.
Vidar
The Vidar is an infolstealer that targets Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and a malware dropper has been used to download the GandCrab ransomware as its secondary payload.
Glupteba
Known since 2011, the Glupteba is a backdoor that has gradually matured into a botnet. Until 2019, it included a C&C address update mechanism via public BitCoin listings, a built-in browser theft feature, and an operator router.
Joker
An android Spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signals to the victim for premium services on advertising sites.
lovgate
The lovgate is a computer "worm" that can spread through network sharing, e-mail, and file sharing networks. Once installed, the program copies various folders to the victim's computer and distributes malicious files that result in remote access to attackers.
Masslogger
The Masslogger is a .NET credential thief. This threat is an identification tool that can be used to extract data from targeted servers.
The Global Threat Impact Index and ThreatCloud Map of Check Point Software, based on the section ThreatCloud intelligence the company's. The ThreatCloud provides real-time threat information from hundreds of millions of sensors worldwide, through networks, terminals, and mobile devices.
Intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research department of Check Point Software Technologies.
The complete list of Top 10 malware families in November is on her blog Check Point.
Press Release
Do not forget to follow it Xiaomi-miui.gr on Google News to be informed immediately about all our new articles! You can also if you use RSS reader, add our page to your list by simply following this link >> https://news.xiaomi-miui.gr/feed/gn
Follow us on Telegram so that you are the first to learn our every news!
