Press release

Global Threat Index: The list of malware (April 2022)!


Check Point Research, the research arm of Check Point Software Technologies Ltd., has published its Global Threat Index for April 2022.


Researchers report that Emotet is still the most common malware, affecting 6% of organizations worldwide. Despite this, every other malicious program on the list changed position. Tofsee and Nanocore dropped out and were replaced by Formbook and Lokibot, which are now the second and sixth most common malware respectively.

Emotet's higher score in March (10%) was mainly due to specific Easter-themed scams, but this month's decrease could also be explained by Microsoft's decision to disable specific macros associated with Office files, which affects the way Emotet is typically delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails that contain a OneDrive URL. Emotet has many uses once it has bypassed a machine's defences. Thanks to its advanced distribution and persistence techniques, Emotet is also offered to other cybercriminals on dark web forums as a loader for further malicious programs, including banking trojans, ransomware, botnets and so on. As a result, once Emotet gains a foothold, the consequences vary depending on which malware was delivered after the initial infection.

Elsewhere in the index, Lokibot, an infostealer, returned to the list in sixth place after a high-profile spam campaign delivered the malware through xlsx files that look like legitimate invoices. This, together with the rise of Formbook, has affected the position of other malicious programs: the advanced Remote Access Trojan (RAT) Agent Tesla, for example, fell from second to third place.

At the end of March, critical vulnerabilities were identified in the Java Spring Framework, known as Spring4Shell, and since then numerous threat actors have used them to spread Mirai, the ninth most common malware this month.

"With the cyber threat landscape constantly evolving and large companies like Microsoft influencing the parameters in which cybercriminals can operate, the perpetrators are becoming more creative in the way they distribute malware, as is evident in the new distribution method now used by Emotet," said Maya Horowitz, VP of Research at Check Point. "In addition, this month we have witnessed the Spring4Shell vulnerabilities, which made front-page news. Although not yet in the top ten vulnerabilities, it is worth noting that over 35% of organizations around the world have already been affected by this threat in its first month alone, so we expect to see it rise to the top in the coming months."

CPR also revealed this month that Education and Research remains the sector most targeted by cybercriminals worldwide. "Web Server Exposed Git Repository Information Disclosure" is the most exploited vulnerability, affecting 46% of organizations worldwide, closely followed by "Apache Log4j Remote Code Execution". "Apache Struts ParametersInterceptor ClassLoader Security Bypass" enters the index in third place with a global impact of 45%.

Top malware families

* The arrows refer to the change in ranking compared with the previous month.

This month, Emotet remains the most prevalent malware, affecting 6% of organizations worldwide, followed closely by Formbook, which affects 3% of organizations, and AgentTesla, with a global impact of 2%.

  1. Emotet - An advanced, self-propagating modular trojan. Emotet once served as a banking trojan and has recently been used to distribute other malware or malware campaigns. It uses many evasion techniques to persist on a system and avoid detection. It is typically spread by spam emails containing phishing attachments or links.
  2. Formbook - Formbook is an infostealer targeting the Windows operating system, first identified in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. Formbook harvests credentials from various web browsers, captures screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C server.
  3. Agent Tesla - Agent Tesla is an advanced RAT that acts as a keylogger and information stealer, capable of monitoring and collecting the victim's keyboard input and system clipboard, taking screenshots, and extracting credentials from various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).

Top attacking industries worldwide

This month Education/Research is the industry with the most attacks worldwide, followed by Government/Military and Internet Service Providers & Managed Service Providers (ISP & MSP).
  1. Education and Research
  2. Government and Military
  3. Internet Service Providers & Managed Service Providers (ISP & MSP)

Top exploited vulnerabilities

This month "Web Server Exposed Git Repository Information Disclosure" is the most exploited vulnerability, impacting 46% of organizations globally, closely followed by "Apache Log4j Remote Code Execution" with a global impact of 46%. "Apache Struts ParametersInterceptor ClassLoader Security Bypass" is now in third place in the list of most exploited vulnerabilities, with a global impact of 45%.

  1. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git repositories exposed by web servers. Successful exploitation could allow unintentional disclosure of account information.
  2. Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.
  3. Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114) - A security bypass vulnerability exists in Apache Struts. The vulnerability is due to insufficient validation of the data processed by ParametersInterceptor, which allows manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by supplying a class parameter to an application.
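The top entry in the list above is not a software bug but a deployment mistake: a site is deployed from a Git checkout and the web server happily serves the `.git/` directory, so anyone can download the repository metadata and reconstruct source, history and any credentials committed to it. The usual mitigation is to refuse to serve version-control metadata at the web-server layer. The following nginx server block is an added example written for this article (it is not Check Point's code and does not come from the original press release); the hostname and document root are placeholders.

```nginx
# Added example: refuse to serve Git metadata from a deployed checkout.
# Hostname and root are placeholders; adapt them to the real site.
server {
    listen 80;
    server_name example.com;
    root /var/www/html;

    # Match any path component beginning with ".git": /.git/HEAD, /.git/config,
    # /app/.git/index, and also dotfiles such as /.gitignore.
    # Returning 404 (rather than 403) avoids confirming that the directory exists.
    location ~ /\.git {
        return 404;
    }

    # Normal content handling for everything else.
    location / {
        try_files $uri $uri/ =404;
    }
}
```

After reloading nginx, verify the rule from a shell with `curl -sI https://example.com/.git/HEAD` against your own host: the response should be `404`, whereas an exposed checkout answers `200` with `ref: refs/heads/...` in the body. The better fix is to never place the `.git` directory under the document root at all (deploy build artefacts, not a working tree); the location rule is defence in depth for the cases where that is not yet possible.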

Top mobile malware

This month AlienBot is the most common mobile malware, followed by FluBot and xHelper.

  1. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
  2. FluBot - FluBot is an Android malware distributed via SMS phishing (smishing) messages, most often impersonating logistics delivery brands. Once the user clicks the link in the message, they are redirected to download a fake application that contains FluBot. Once installed, the malware has various capabilities for harvesting credentials and supporting the smishing operation itself, including uploading the contact list and sending SMS messages to other phone numbers.
  3. xHelper - A malicious application seen in the wild since March 2019, used to download other malicious applications and display ads. The application is capable of hiding itself from the user and reinstalling itself if it has been uninstalled.

Top 10 malware in Greece

Malware       Global impact   Greece
Emotet        6.43%           13.97%
Agent Tesla   2.45%           9.22%
Lokibot       1.84%           8.38%
Formbook      3.42%           6.15%
XMRig         2.45%           2.79%
Vidar         1.06%           2.51%
Hail Mary     0.39%           2.23%
MassLogger    0.15%           1.68%
Remcos        1.08%           1.68%
Seraph        0.46%           1.68%

The Global Threat Impact List and the ThreatCloud Map by Check Point Software are based on the company's ThreatCloud intelligence, the largest collaborative network in the fight against cybercrime, which provides data on threats and attack trends drawn from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and detects more than 250 million malware activities each day.

The complete list of the top 10 malware families for April 2022 is available on the Check Point blog.
