Η Check Point Research, its research department Check Point Software Technologies Ltd., published it Global enviroment Threat Index for April 2022. Researchers report that Emotet is still the most common malware affecting 6% of organizations worldwide. Despite this, there was movement for all the other malicious programs on the list.
The Tofsee and Nanocore came out and were replaced by Formbook and Lokibot, which is now the second and sixth most common malware respectively.
That's it Emotet's highest score in March (10%) was mainly due to specific Easter-themed scams, but this month's decline could also be explained by Microsoft disable specific macros associated with its files Office, affecting the way in which Emotet usually delivered. In fact, there are reports that the Emotet has a new delivery method- using emails Phishing containing an address URL of OneDrive.
The Emotet has many uses since it manages to bypass tsecurity of a machine. Due to the advanced techniques of propagation and assimilation, the Emotet also offers other malicious programs to cybercriminals in dark web forums, including banking Trojans, ransomwares, botnets etc. As a result, just the Emotet find a breach, the consequences may vary depending on which malware was delivered after the breach.
Elsewhere in the index, the Lokibot, one infostealer, returned to the list in sixth place after a campaign spam with great resonance delivered by malware through files xLSX that look like legal invoices. This, as well as its rise Formbook, had an impact on the position of other malicious programs, with the advanced trojan remote access (RAT) agent Tesla, for example, to fall to third place from second.
At the end of March, critical vulnerabilities were identified in Java Spring Framework, known as Spring4Shell, and since then, numerous threat carriers have used the threat to spread Mirai, the ninth most common malware this month.
"With the landscape of cyber threats constantly evolving and with large companies such as Microsoft to influence the parameters within which cybercriminals can operate, perpetrators become more creative in the way they distribute malware, as shown in the new distribution method now used by cybercriminals. Emotet", He said η Maya Horowitz, vice president of research Check Point.
"In addition, this month we have witnessed vulnerabilities Spring4Shell which became a front page. "Although it is not yet in the top ten vulnerabilities, it is worth noting that over 35% of organizations worldwide have already been affected by this threat in just the first month, so we expect to see it rise to the top in the coming months."
Η CPR also revealed this month that Education and Research remain the most targeted branch of cybercriminals worldwide. THE "Web Server Exposed Git Repository Information DisclosureIs the most exploited vulnerability, affecting 46% of organizations worldwide, and is closely followed byApache Log4j Remote Code Execution“. The "Apache Struts ParametersInterceptor ClassLoader Security Bypass”Launches into the index, now occupying the third place with a global impact of 45%.
Top malware families
* The arrows refer to the change of the ranking in relation to the previous month.
This month the Emotet is still the most widespread malware, affecting 6% of organizations worldwide, closely followed by Formbook affecting 3% of organisms and agent Tesla with a global impact of 2%.
- ↔Emotet - Eself-replicating modular trojan. Emotet once served as a Trojan horse for spying on bank accounts and has recently been used to distribute other malware or malware campaigns. It uses many avoidance methods and techniques to stay in the system and avoid detection. Additionally, it may be spread by spam emails containing phishing attachments or links.
- ↑ Formbook - The Formbook it is a info stealer targeting the operating system Windows and was first identified in 2016. Available on the market as Malware-as-a-Service (MaaS) in underground forums hacking for its powerful avoidance techniques and its relatively low price. The FormBook collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files as instructed by C&C of.
- ↓ Agent Tesla - THE agent tesla is an advanced one RAT that works as keylogger and information thief, which is capable of monitoring and collecting the victim's keyboard input, the system keyboard, taking screenshots, and extracting credentials to various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
Top attacking industries worldwide
This month training / research is the industry with the most attacks worldwide, followed by government / military and internet service providers & managed service providers (ISP & MSP).
1. Education and research
2. Government & Army
3. Internet Service Providers & Managed Service Providers (ISP & MSP)
TOP Exploited vulnerabilities
This monthWeb Server Exposed Git Repository Information Disclosure ” is the most exploited vulnerability, impacting 46% of organizations globally, closely followed by Apache Log4j Remote Code Execution with a global impact of 46%. "Apache Struts ParametersInterceptor ClassLoader Security Bypass”Is now in third place in the top exploited vulnerabilities list, with a global impact of 45%.
This month the “ Website Server & Hosting Exposed Go Repository Information Disclosure Is the most exploited vulnerability, affecting 46% of organizations worldwide, followed byRemote code execution Apache log4jWith a global impact of 46%. The "Apache Struts ParametersInterceptor ClassLoader Security BypassIs now in third place on the list of most frequently exploited vulnerabilities, with a global impact of 45%.
- ↑ Website Server & Hosting Exposed Go Repository Information DisclosureA vulnerability to information disclosure has been reported in Git Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.
- ↓ Apache log4j Remote -- Execution (CVE-2021-44228)- A remote code execution vulnerability exists in Apache Log4j. Successfully exploiting this vulnerability could allow a remote intruder to execute arbitrary code on the affected system.
- ↑ Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0114)- A security bypass vulnerability exists in Apache Struts. Η ευπάθεια οφείλεται στην ανεπαρκή επικύρωση των data που επεξεργάζεται ο ParametersInterceptor, allowing its manipulation ClassLoader. A remote attacker could exploit this vulnerability by providing a class parameter to an application.
TOP malware for cell phones
This month the AlienBot is the most common mobile malware followed by flubot and xHelper.
-
AlienBot - The malware family AlienBot it is a Malware-as-a-Service (MaaS) for devices Android which allows a remote intruder, in the first instance, to introduce malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
-
flubot- The flubot is a malware Android distributed via messages SMS phishing (Smishing), which most often imply delivery marks Logistics. Once the user clicks on the link in the message, they are redirected to download a fake application that contains the flubot. Once installed, the malware has various capabilities for collecting credentials and supporting the business itself. Smishing, including uploading the contact list as well as sending messages SMS to other telephone numbers.
-
xHelper - A malicious application that has been released in nature since March 2019 and is used to download other malicious applications and display ads. The application is capable of being hidden from the user and reinstalled in case it has been uninstalled.
|
The top 10 per country |
||
|
Malware |
Global impact |
Greece |
|
Emotet |
6.43% |
13.97% |
|
agent Tesla |
2.45% |
9.22% |
|
Lokibot |
1.84% |
8.38% |
|
Formbook |
3.42% |
6.15% |
|
XMRig |
2.45% |
2.79% |
|
Vidar |
1.06% |
2.51% |
|
Hail Mary |
0.39% |
2.23% |
|
MassLogger |
0.15% |
1.68% |
|
Remcos |
1.08% |
1.68% |
|
Seraph |
0.46% |
1.68% |
Check Point Software's Global Threat Impact Index and ThreatCloud Map, based on its ThreatCloud intelligence? Company, in the largest network cooperationς για την καταπολέμηση του κυβερνοεγκλήματος, το οποίο παρέχει data on threats and attack trends by leveraging a global network of threat detectors.
The ThreatCloud database includes over 3 billion websites and 600 million files daily and detects more than 250 million malware activities each day.
The full list of the top 10 malware families in April 2022 can be found at blog of Check Point.
