Formbook: the most widespread malware in September 2022

Check Point Research points out that the infostealer Vidar entered the list of the ten most widespread malware families after a fake Zoom campaign. Cyber attacks in Eastern European countries have increased dramatically, and Education/Research is the most affected sector globally.

Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd., a leading global provider of cyber security solutions, has published its Global Threat Index for September 2022. CPR states that while Formbook is still the most prevalent malware, affecting 3% of organizations worldwide, Vidar is now in eighth place, climbing seven places since last August.

Vidar is an infostealer designed to give hackers backdoor access, allowing them to steal sensitive banking information, login credentials, IP addresses, browser history and crypto wallets from infected devices. Its rise to prominence follows a malicious campaign in which fake Zoom websites, such as zoomus[.]website and zoom meeting-download[.]space, were used to trick innocent users into downloading the malware. Formbook, an infostealer targeting the Windows operating system, remains in first place.

Since the start of the Russia-Ukraine war, CPR has continued to monitor the impact of cyber attacks in both countries. As the conflict intensifies, CPR's Global Threat Index for September marked a significant change in the "threat ranking" of many Eastern European countries. A threat ranking represents the degree to which an organization is under attack in a particular country compared to the rest of the world. During September, Ukraine jumped 26 places, Poland and Russia each climbed 18 places, and both Lithuania and Romania rose 17 places, among others. All of these countries are now among the top 25, with the biggest drop in their rankings taking place in the last month.

“As the war on the ground continues, so does the war in cyberspace. It's probably no coincidence that the threat scores of many Eastern European countries have risen over the past month. All organizations are at risk and must shift to a prevention-first cybersecurity strategy before it's too late,” commented Maya Horowitz, VP Research at Check Point. “When it comes to the most prevalent malware in September, it is interesting to see Vidar jump into the top ten after a long absence. Zoom users should be alert and keep their eyes open for fraudulent links as this is how this malware is being distributed lately. Always be on the lookout for inconsistencies or misspellings in URLs. If it looks suspicious, it probably is.”

CPR also revealed that "Website Server & Hosting Exposed Go Repository Information Disclosure" is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by "Apache Log4j Remote Code Execution", which fell from first place to second, with an impact of 42%. In September, Education/Research also remained in first place as the most attacked sector globally.

Top malware families

* The arrows refer to the change of the ranking in relation to the previous month.

This month, Formbook is still the most prevalent malware, affecting 3% of organizations worldwide, followed by XMRig and Agent Tesla, both of which affect 2% of organizations worldwide.

  1. Formbook - FormBook is an infostealer targeting the Windows operating system and was first identified in 2016. It is marketed as Malware-as-a-Service (MaaS) in underground hacking forums for its powerful evasion techniques and its relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C.

  2. XMRig - XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims' devices.

  3. Agent Tesla - Agent Tesla is an advanced RAT that works as a keylogger and information stealer. It is capable of monitoring and collecting the victim's keyboard input, system keyboard, taking screenshots and extracting credentials from various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).

Top attacked industries worldwide

This month, Education/Research remains in first place as the most attacked industry worldwide, followed by the Government/Military sector and Healthcare.

  1. Education/Research
  2. Government/Military
  3. Healthcare

Top Exploited Vulnerabilities

This month, "Website Server & Hosting Exposed Go Repository Information Disclosure" is the most commonly exploited vulnerability, affecting 43% of organizations worldwide. It is followed by "Apache Log4j Remote Code Execution", which dropped from first place to second and affects 42% of organizations. "Command Injection About HTTP" jumps to third place, with a 40% impact worldwide.

  1. Website Server & Hosting Exposed Go Repository Information Disclosure - An information disclosure vulnerability has been reported in Go Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.

  2. Apache Log4j Remote Code Execution (CVE-2021-44228) - There is a remote code execution vulnerability in Apache Log4j. Successfully exploiting this vulnerability could allow a remote intruder to execute arbitrary code on the affected system.

  3. Command Injection About HTTP (CVE-2021-43936, CVE-2022-24086) - A command injection vulnerability has been reported via HTTP. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.

Top Malicious Mobile Apps

This month, Anubis rose to the top spot as the most prevalent mobile malware, followed by Hydra and Joker.

  1. Anubis - Anubis is a banking Trojan designed for Android mobile phones. Since it was first identified, it has acquired additional functions such as Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities, as well as various ransomware features. It has been spotted in hundreds of different apps available on the Google Store.

  2. Hydra - Hydra is a banking Trojan designed to steal financial credentials by asking victims to enable risky permissions.

  3. Joker - An Android spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware can also sign the victim up for paid premium services without their consent or knowledge.

Top five malware in Greece:

| Malware | Global impact | Greece |
|---|---|---|
| SnakeKeylogger | 1.93% | 7.08% |
| Ramnit | 2.07% | 3.83% |
| Formbook | 2.96% | 3.54% |
| Joker | 0.09% | 2.65% |
| Agent Tesla | 2.21% | 2.65% |

The full list of the top 10 malware families in September 2022 is on the Check Point blog.


Written by newsbot
