Check Point April 2021 Global Threat Index

Check Point Research reports that the Dridex trojan, which is often used in the early stages of ransomware attacks, is the most common malware for the second consecutive month.

Check Point Research, the research arm of Check Point Software Technologies Ltd., has published its Global Threat Index for April 2021. Researchers report that, for the first time, AgentTesla took second place in the Index, while the established Dridex trojan remains the most common malware after climbing to the top in March.

This month Dridex, a Trojan targeting the Windows platform, spread through the QuickBooks Malspam campaign. The phishing emails used QuickBooks branding and tried to lure the user with fake payment notifications and invoices. The email content asked the recipient to download a malicious Microsoft Excel attachment, which could infect the system with Dridex.

This malware is often used as the initial infection stage in ransomware attacks, where attackers encrypt an organization's data and demand a ransom to decrypt it. Increasingly, these attackers use double-extortion methods: they steal sensitive data from an organization and threaten to publish it if no payment is made.

CPR reported in March that ransomware attacks had increased by 57% at the beginning of 2021, and this trend has continued to climb, reaching a 107% increase over the same period last year. Most recently, Colonial Pipeline, a large American fuel company, fell victim to such an attack. In 2020, ransomware is estimated to have cost businesses around the world about $20 billion, an amount almost 75% higher than in 2019.

For the first time, AgentTesla took 2nd place in the list of top malware. AgentTesla is an advanced RAT (remote access Trojan) that has been active since 2014 and operates as a keylogger and password stealer. This RAT can monitor and collect the data entered by the user, capture screenshots and extract the credentials entered for various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).

There was an increase in AgentTesla campaigns this month, spread through malicious email messages. The email content asks the recipient to download a file (it can be any type of file), which can infect the system with AgentTesla.

"While we are witnessing a huge increase in ransomware attacks worldwide, it's not surprising that this month's top malware is associated with this trend. On average, every 10 seconds an organization somewhere in the world falls victim to ransomware," said Maya Horowitz, CEO, Threat Intelligence & Research, Products, at Check Point.

"Recently, there have been calls for governments to do more to protect against this growing threat, but it shows no signs of slowing down. All organizations need to be aware of the risks and ensure that adequate anti-ransomware solutions are in place. Comprehensive training of all employees is also vital, so that they are equipped with the skills needed to detect the types of malicious emails that spread Dridex and other malicious programs, as this is how many ransomware attacks start."

CPR also revealed that "Development Server & Hosting Exposed Go Repository Information Disclosure" is the most commonly exploited vulnerability, affecting 46% of organizations worldwide, followed by "HTTP Headers Remote Code Execution (CVE-2020-13756)", which affects 45.5% of organizations worldwide. "MVPower DVR Remote Code Execution" ranks third on the list of most frequently exploited vulnerabilities, with a global impact of 44%.

The 3 Most Common Malware Threats

This month, Dridex is still the most popular malware, affecting 15% of organizations worldwide, followed by AgentTesla with 12% and Trickbot with 8%.

  1. Dridex - Dridex is a Trojan targeting the Windows platform and is reportedly downloaded via a spam email attachment. Dridex communicates with a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

  2. AgentTesla - AgentTesla is an advanced RAT that works as a keylogger and information stealer; it is able to monitor and collect the user's keyboard input, take screenshots and exfiltrate credentials from various software installed on the victim's computer, such as Google Chrome, Mozilla Firefox and the Microsoft Outlook email client.

  3. Trickbot - Trickbot is a dominant banking trojan that is constantly updated with new capabilities, features and distribution vectors. This makes Trickbot a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

The most exploited vulnerabilities

This month, "Development Server & Hosting Exposed Go Repository Information Disclosure" is the most frequently exploited vulnerability, affecting 46% of organizations worldwide, followed by "HTTP Headers Remote Code Execution (CVE-2020-13756)", which affects 45.5% of organizations worldwide. "MVPower DVR Remote Code Execution" ranks third on the list of most frequently exploited vulnerabilities, with a global impact of 44%.

  1. Development Server & Hosting Exposed Go Repository Information Disclosure - An information disclosure vulnerability has been reported in Go Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.

  2. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and server pass additional information along with an HTTP request. A remote attacker may use a vulnerable HTTP header field to run arbitrary code on the victim machine.

  3. MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code on the affected router via a crafted request.

The 3 Most Common Mobile Malware Threats

This month, xHelper ranks first among the most widespread mobile malware, followed by Triada and Hiddad.

  1. xHelper - xHelper is a malicious application that has been in the wild since March 2019 and is used to download other malicious applications and display ads. The application is able to hide itself from the user and reinstall itself automatically if it is uninstalled.

  2. Triada - A modular backdoor for Android which grants super-user privileges to downloaded malware.

  3. Hiddad - Hiddad is Android malware which repackages legitimate applications and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the operating system.

The complete list of the most common malware threats in Greece for April is:

  1. AgentTesla - AgentTesla is an advanced RAT (remote access Trojan) that acts as a keylogger and password thief. Active since 2014, AgentTesla can track and collect what the user types, capture screenshots and extract credentials entered for various types of software installed on the victim machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold openly as a legitimate RAT, with customers paying $15 to $69 for licenses.
  2. Dridex - Dridex is a banking Trojan that targets the Windows platform, delivered via spam and exploit kits, and relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex communicates with a remote server, sends information about the infected system, and can also download and run additional modules for remote control.
  3. FormBook - FormBook was first identified in 2016 and is an InfoStealer targeting the Windows operating system. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C.
  4. Trickbot - Trickbot is a dominant banking trojan targeting the Windows platform, delivered mainly through spam or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and run arbitrary modules from a wide range of available ones, such as a VNC module for remote access or an SMB module for spreading within an affected network. Once a machine is infected, the threat actors behind Trickbot use this wide range of modules not just to steal banking credentials from the target computer, but also for lateral movement and reconnaissance within the organization itself, before a targeted company-wide ransomware attack.
  5. Joker - Joker is Android spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising websites.
  6. XMRig - XMRig is open-source CPU mining software used for mining the Monero cryptocurrency, first released in May 2017.
  7. Remcos - Remcos is a RAT that first appeared in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows UAC security and run malicious software with high-level privileges.
  8. Triada - Triada is a modular backdoor for Android which grants super-user privileges to downloaded malware. Triada has also been observed tampering with URLs loaded in the browser.
  9. Danabot - Danabot is a Trickler that targets the Windows platform. The malware sends information to its control server and downloads and decrypts a file to run on the infected computer. In addition, the malware creates a shortcut in the user's startup folder to ensure that it persists on the infected system.
  10. xHelper - xHelper is a malicious application that has been in the wild since March 2019 and is used to download other malicious applications and display ads. The application is able to hide itself from the user and reinstall itself automatically if it is uninstalled.

| Malware family | Global impact | Impact in Greece |
|----------------|---------------|------------------|
| AgentTesla     | 11.99%        | 175.08%          |
| Dridex         | 15.03%        | 62.61%           |
| Formbook       | 2.56%         | 37.39%           |
| Trickbot       | 8.48%         | 8.21%            |
| Lokibot        | 1.25%         | 3.95%            |
| Joker          | 0.07%         | 2.74%            |
| XMRig          | 3.08%         | 2.43%            |
| Nanocore       | 2.10%         | 2.13%            |
| Remcos         | 1.15%         | 2.13%            |
| Triada         | 0.35%         | 1.82%            |
| Danabot        | 0.53%         | 1.82%            |
| xHelper        | 0.78%         | 1.82%            |

Check Point's Global Threat Impact Index and ThreatCloud Map are based on Check Point's ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which provides threat data and attack trends drawn from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.

The full list can be found at the link here.


Written by newsbot
