News by Xiaomi Miui Hellas
Press release

This Is The Most Popular Malware For September 2021 - Trickbot Returns


Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the world's leading provider of cybersecurity solutions, has published its Global Threat Index for September 2021.


The research team reports that Trickbot has returned to the top of the list, after dropping to second place in August following a three-month reign at the top.

The remote access trojan njRAT entered the top ten for the first time, taking the place of Phorpiex, which is no longer active. Trickbot is a banking trojan that can steal financial details, account credentials and personally identifiable information, as well as spread laterally within a network and drop ransomware.

Since the takedown of Emotet last January, the Trickbot trojan has gained in popularity. It is constantly being updated with new features, capabilities and distribution vectors, which make it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

"In the same month that Trickbot once again became the most prevalent malware, it was reported that one of the gang's members had been arrested following a search in the US. Along with the other indictments filed this year in the fight against the trojan, we hope that the gang's dominance will end soon.

But, as always, there is still a long way to go. This week our researchers reported that in 2021 there have been 40% more attacks per week on organizations worldwide compared to 2020, yet most, if not all, of them could have been prevented. Organizations should no longer delay adopting a prevention-first approach to cybersecurity," said Maya Horowitz, VP Research at Check Point Software.




CPR also revealed this month that "Web Server Exposed Git Repository Information Disclosure" is the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by "Command Injection Over HTTP", which affects 43% of organizations worldwide. "HTTP Headers Remote Code Execution" ranks third on the list of most exploited vulnerabilities, also with a global impact of 43%.

Top malware families


In September, Trickbot was the most prevalent malware, affecting 4% of organizations worldwide, followed by Formbook and XMRig, each affecting 3% of organizations worldwide.

1. Trickbot - Trickbot is a modular botnet and banking trojan that is constantly updated with new features, capabilities and distribution vectors. This allows Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

2. Formbook - Formbook is an infostealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C server.

3. XMRig - XMRig is open-source CPU mining software used to mine the Monero cryptocurrency; it was first seen in the wild in May 2017.

The most exploited vulnerabilities

In September, "Web Server Exposed Git Repository Information Disclosure" was the most exploited vulnerability, affecting 44% of organizations worldwide, followed by "Command Injection Over HTTP", which affects 43% of organizations worldwide. "HTTP Headers Remote Code Execution" ranks third, also with a global impact of 43%.

1. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git repositories served by web servers: when a site is deployed together with its .git directory and the server does not block access to it, the repository's objects, history and configuration can be downloaded over HTTP. Successful exploitation can disclose source code and, frequently, credentials committed to the repository or stored in its config.

2. Command Injection Over HTTP - A command injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow the attacker to execute arbitrary code on the target machine.

3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to run arbitrary code on the victim's machine.
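The first item above is easy to test for on your own hosts. The following Python script is an added example written for this page, not code from Check Point or from the press release: it probes `/.git/HEAD` and `/.git/config` and decides from the response bodies, not from a bare 200 status, whether the repository is really readable (soft-404 pages and WAF responses often return 200 for everything). The three hosts, their responses and the leaked deploy credential are all constructed for the example; `http_fetch` is a hypothetical helper for running the same check against a live server.

```python
"""Offline check for an exposed .git directory on a web server (added example)."""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# .git/HEAD is either a symbolic ref ("ref: refs/heads/main") or, for a
# detached HEAD, a bare 40-hex SHA-1 (64-hex in SHA-256 repositories).
HEAD_RE = re.compile(r"^(ref: refs/[\w./-]+|[0-9a-f]{40}|[0-9a-f]{64})$")

# A genuine .git/config starts with a [core] section; an HTML error page
# that happens to be served with status 200 does not.
CONFIG_RE = re.compile(r"^\s*\[core\]", re.MULTILINE)

Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status, body)


def check_exposed_git(base_url: str, fetch: Fetcher) -> Dict[str, object]:
    """Return a verdict dict for base_url using the supplied fetch callable."""
    base = base_url.rstrip("/")
    status, head = fetch(f"{base}/.git/HEAD")
    head = head.strip()
    if status != 200 or not HEAD_RE.match(head):
        return {"exposed": False, "reason": "HEAD missing or not a git ref",
                "branch": None, "config_readable": False}
    status, config = fetch(f"{base}/.git/config")
    config_readable = status == 200 and bool(CONFIG_RE.search(config))
    prefix = "ref: refs/heads/"
    branch = head[len(prefix):] if head.startswith(prefix) else None
    return {"exposed": True,
            "reason": "HEAD readable" + (", config readable" if config_readable else ""),
            "branch": branch, "config_readable": config_readable}


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Hypothetical live fetcher (assumption: plain urllib is acceptable). Reads
    at most 4 KiB, which is enough for HEAD and config."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


# Constructed responses for three imaginary hosts, so the check runs offline.
FAKE_HOSTS = {
    "https://exposed.example": {
        "/.git/HEAD": (200, "ref: refs/heads/main\n"),
        "/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"
                              "[remote \"origin\"]\n"
                              "\turl = https://deploy:s3cr3t@git.example/app.git\n"),
    },
    "https://soft404.example": {  # answers 200 with an HTML error page for every path
        "/.git/HEAD": (200, "<html><body>Not found</body></html>"),
        "/.git/config": (200, "<html><body>Not found</body></html>"),
    },
    "https://hardened.example": {  # server config denies the whole directory
        "/.git/HEAD": (403, "Forbidden"),
        "/.git/config": (403, "Forbidden"),
    },
}


def fake_fetch(url: str) -> Tuple[int, str]:
    """Fetcher that serves the constructed responses above."""
    for base, paths in FAKE_HOSTS.items():
        if url.startswith(base + "/"):
            return paths.get(url[len(base):], (404, "Not Found"))
    return (404, "Not Found")


def scan_all(fetch: Fetcher = fake_fetch) -> Dict[str, Dict[str, object]]:
    """Run the check over every constructed host."""
    return {host: check_exposed_git(host, fetch) for host in FAKE_HOSTS}


if __name__ == "__main__":
    for host, verdict in scan_all().items():
        print(host, verdict)
```

Only the first host is reported as exposed; the soft-404 host would be a false positive for a scanner that trusts the status code alone. If a real host is flagged, the fix is not to hide the directory but to stop deploying it (build artifacts only) and, as defense in depth, to deny `/.git` in the web server configuration and rotate any credential found in the repository history.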
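The second item, command injection over HTTP, is best understood by seeing the bug next to its fix. The example below is added for this page and is not code from the press release or from any real product: a hypothetical "network tools" endpoint takes a `host` query parameter and runs a command with it. `echo` stands in for the real tool (ping, nslookup, traceroute) so the example runs without root or network access; the two request lines are constructed.

```python
"""Command injection over HTTP: vulnerable handler beside a hardened one (added example)."""
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Allow-list for the parameter: RFC 1123 host names only. Rejecting anything
# else also blocks a leading "-", so the value cannot become an option either.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def host_from_request(request_line: str) -> str:
    """Pull the `host` query parameter out of a raw HTTP request line."""
    target = request_line.split(" ")[1]
    return parse_qs(urlsplit(target).query).get("host", [""])[0]


def vulnerable_handler(request_line: str) -> str:
    """The bug: user input is interpolated into a string that /bin/sh parses,
    so ; | && $( ) and backticks in `host` become extra commands."""
    host = host_from_request(request_line)
    out = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return out.stdout


def hardened_handler(request_line: str) -> str:
    """The fix: validate against an allow-list, then pass argv as a list with
    shell=False so no shell ever sees the value."""
    host = host_from_request(request_line)
    if not HOSTNAME_RE.match(host):
        raise ValueError("invalid hostname")
    out = subprocess.run(["echo", host], shell=False, capture_output=True, text=True)
    return out.stdout


def hardened_rejects(request_line: str) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        hardened_handler(request_line)
        return False
    except ValueError:
        return True


# Constructed requests: a benign one and one carrying an injected command.
# ";" is sent as %3B so the query parser keeps it inside the `host` value.
BENIGN = "GET /tools/ping?host=example.com HTTP/1.1"
MALICIOUS = "GET /tools/ping?host=example.com%3Becho%20INJECTED HTTP/1.1"

if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_handler(MALICIOUS)))
    print("hardened rejects:", hardened_rejects(MALICIOUS))
```

Run against the malicious request, the vulnerable handler's output contains the attacker's `INJECTED` line, while the hardened one raises before anything is executed. Passing a list with `shell=False` removes shell metacharacters from the picture, but it does not stop argument injection into the tool itself (a value starting with `-` can still be read as an option), which is why the allow-list is kept as well.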

Top mobile malware

In September, xHelper remained the most prevalent mobile malware, followed by AlienBot and FluBot.

1. xHelper - A malicious application first seen in March 2019, used to download other malicious applications and display advertisements. The application can hide itself from the user and can even reinstall itself after being removed.

2. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to first inject malicious code into legitimate financial applications. The attacker gains access to victims' accounts and eventually takes full control of their device.

3. FluBot - FluBot is an Android malware distributed via SMS phishing (smishing) messages that usually impersonate parcel delivery and logistics companies. Once the user clicks the link in the message, FluBot is installed and gains access to all the sensitive information on the phone.


The top 10 in Greece

Malware name    Global impact    Impact in Greece
Agent Tesla     2.59%            8.93%
Formbook        3.14%            8.33%
Trickbot        4.09%            5.36%
Remcos          2.20%            4.76%
NanoCore        0.88%            3.87%
Vidar           0.97%            2.98%
Glupteba        2.41%            2.68%
Joker           0.08%            2.38%
Lovgate         0.33%            2.38%
Masslogger      0.13%            2.38%

Malware families in detail

Agent Tesla

Agent Tesla is an advanced RAT (Remote Access Trojan) that functions as a keylogger and password stealer. Active since 2014, Agent Tesla can monitor and collect the victim's keyboard input and clipboard contents, take screenshots, and exfiltrate credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). Agent Tesla is sold openly as a legitimate RAT, with customers paying $15 to $69 for licenses.

FormBook

FormBook is an infostealer that targets the Windows operating system and was first detected in 2016. It is advertised in hacking forums as having strong evasion techniques and a relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to instructions from its C&C server.

Trickbot

Trickbot is a modular botnet and banking trojan that targets Windows platforms and is mainly delivered via spam campaigns or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large set of available ones, such as a VNC module for remote control or an SMB module for spreading within an affected network. Once a machine is infected, the operators behind Trickbot use this wide range of modules not only to steal banking credentials from the target computer, but also for lateral movement and reconnaissance within the organization itself, before launching a targeted ransomware attack across the whole company.

Remcos

Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC security and execute malware with elevated privileges.

NanoCore

NanoCore is a Remote Access Trojan, first observed in the wild in 2013, that targets users of the Windows operating system. All versions of the RAT contain basic plugins and functionality such as screen capture, cryptocurrency mining, remote desktop control and webcam session theft.

Vidar

Vidar is an infostealer that targets Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums, and it has been used as a malware dropper to download the GandCrab ransomware as its secondary payload.

Glupteba

Known since 2011, Glupteba is a backdoor that has gradually matured into a botnet. By 2019 it included a C&C address update mechanism based on public Bitcoin transaction lists, an integral browser stealer capability and a router exploiter.

Joker

An Android spyware found on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising websites.

Lovgate

Lovgate is a computer worm that can spread through network shares, email and file-sharing networks. Once installed, the program copies itself into various folders on the victim's computer and distributes malicious files that give attackers remote access.

Masslogger

Masslogger is a .NET credential stealer. This threat is an identification tool that can be used to extract data from targeted servers.

Check Point Software's Global Threat Impact Index and ThreatCloud Map are based on the company's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices.

This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research arm of Check Point Software Technologies.
