March 2022: Emotet the most common malware

Η Check Point , This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. part research of Check Point Software Technologies Ltd., published it Global enviroment Threat Index for March 2022. Researchers report that Emotet remains dominant, as the most popular malware , affecting 10% of organizations worldwide, twice as many as in February.

malware digit

The Emotet is an advanced, self-propagating and modular trojan which uses multiple methods to maintain resilience and avoidance techniques to avoid detection. From his return last November and recent announcement that the Trickbot has shut down, the Emotet strengthens its position as the most widespread malware.

This has been further consolidated this month as many aggressive email campaigns distribute botnet, including various efforts Phishing Easter theme, taking advantage of the start of the festive season. These emails were sent to victims around the world, such as one entitled "good Easter, happy ", To which a malicious file was attached XLS for its delivery Emotet.

This month, the Agent Tesla, the advanced RAT that works as keylogger and steals information, is the second most common malware, after the fourth place in the list last month. His rise Agent Tesla due to several new malicious campaigns spam who distribute it RAT through malicious files xLSX/pdf worldwide. Some of them took advantage of the war Russia / Ukraine to entice their victims.

"Technology has evolved in recent years to the point where cybercriminals are increasingly relying on human trust to enter a corporate network. On the subject of electronic messages Phishing around seasonal holidays, such as Easter, can take advantage of the holiday dynamics and entice their victims to download malicious attachments containing malicious programs such as Emotet. Εν όψει του Μεγάλου Σαββάτου και της Κυριακής του Πάσχα, αναμένουμε να δούμε περισσότερες από αυτές τις απάτες και προτρέπουμε τους χρήστες να δώσουν ιδιαίτερη προσοχή, ακόμη και αν το μήνυμα ηλεκτρονικού ταχυδρομείου μοιάζει να προέρχεται από αξιόπιστη πηγή. Το Πάσχα δεν είναι η μόνη αργία και οι εγκληματίες του κυβερνοχώρου θα συνεχίσουν να χρησιμοποιούν τις ίδιες τακτικές για να προκαλέσουν ", Said the Maya Horowitz, VP Research in Check Point Software. "It simply came to our notice then Apache log4j became again the number one vulnerability with the most exploitation. Even after all the talk about this vulnerability at the end of last year, it still causes damage months after it was first identified. "Organizations must take immediate action to prevent attacks."

Η CPR also revealed this month that education / research is still the number one industry with the most attacks, followed by government / military and Internet service providers / managed service providers (ISP/MSP). THE "Development Server & Hosting Exposed Go Repository Information DisclosureIs now the second most frequently exploited vulnerability, affecting 26% of organizations worldwide, while the "Apache log4j Remote -- Execution”Occupies the first place, affecting 33% of the organizations. The "HTTP Headers Remote -- Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) ”maintains the third place with an impact of 26% worldwide.

Examples of emails Phishing on the theme of Easter

ghghghgh
Figure 1 Example of Easter Phishing Email
hhhhhhhh
Figure 2 Example of an Easter e-mail sent to various countries

The TOP malware families

* The arrows refer to the change of the ranking in relation to the previous month.

This month, the Emotet is still the most popular malware with a global impact of 10% of organizations worldwide, followed by Agent Tesla and XMRig with an impact of 2% of the organizations each.

  1. Emotet - evolved modular trojan self-reproducing. The Emotet once functioned as wiretapping and recently used to distribute other malware or in propagation campaigns malware. It uses many methods and avoidance techniques to stay in the system and avoid detection. In addition, it can be spread through spam Email phishing (Phishing) containing attachments or links to malicious content.

  2. Agent Tesla -THE Agent Tesla is an advanced one RAT that works as keylogger and information thief, which is capable of monitoring and collecting the victim's keyboard input, the system keyboard, taking screenshots, and extracting credentials to various software installed on the victim's machine (including Chrome, Mozilla Firefox and Microsoft Outlook Email client).

  3. XMRig - The XMRig is a mining software CPU open source used for the cryptocurrency mining process Monero and debuted in May 2017.

Top attacking industries worldwide

This month, Education / Research is the number one industry with the most attacks in the world, followed by the government / military, followed by ISP/MSP.

1. Education / Research

2. Government / Army

3. ISP/MSP

The most exposed vulnerabilities

This month the "Apache log4j Remote -- Execution" is the most commonly exploited vulnerability, affecting 33% of organizations worldwide, followed by “ Development Server & Hosting Exposed Go Repository Information Disclosure ", Which fell from first to second place and affects 26% of organizations worldwide. THE "HTTP Headers Remote -- ExecutionIs still in third place on the list of vulnerabilities with the most farms, with an impact of 26% worldwide.

  1. Apache log4j Remote -- Execution (CVE-2021-44228) - A remote vulnerability s code exists in the Apache log4j. Successfully exploiting this vulnerability could allow a remote intruder to execute arbitrary code on the affected system.

  2. Development Server & Hosting Exposed Go Repository Information Disclosure A vulnerability to disclosing information was reported in Go Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.

  3. ↔ HTTP Headers Remote -- Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) - The HTTP headers allow the client and server to transmit additional information with a request HTTP. A remote intruder can use a vulnerable header HTTP to execute arbitrary code on the victim's machine.

The main malware for mobile phones

This month the AlienBot is the most common mobile malware, followed by xHelper and flubot.

  1. AlienBot - The malware family AlienBot it is a Malware-as-a-Service (MaaS) for devices Android which allows a remote intruder, in the first instance, to introduce malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.

  2. xHelper - A malicious application that has been released since March 2019 and is used to download other malicious applications and display ads. The application is capable of being hidden from the user and reinstalled if uninstalled.

  3. flubot- The flubot is a malware Android distributed via messages SMS phishing (Smishing), which most often imply delivery marks Logistics. Once the user does link in the message redirects to download a fake app that contains the flubot. Once installed, the malware has various capabilities for collecting credentials and supporting the business itself. Smishing, including uploading contact lists and sending messages SMS to other telephone numbers.

The most common threats in for March 2022:

Emotet - sophisticated self-replicating modular trojan. Emotet once served as a Trojan horse for spying on bank accounts and has recently been used to distribute other malware or malware campaigns. It uses many avoidance methods and techniques to stay in the system and avoid detection. Additionally, it may be spread by spam emails containing phishing attachments or links.

Lokibot- LokiBot was first spotted in February 2016 and is a commodity infostealer with versions for both Windows and Android OS. Collects credentials from various applications, web browsers, e-mail programs, IT management tools such as PuTTY and more. LokiBot is sold in hacking forums and it is believed that its source code was leaked, thus allowing the appearance of numerous variations. As of late 2017, some versions of LokiBot for Android include ransomware functionality in addition to the ability to steal information.

agent Tesla- AgentTesla is an advanced RAT that acts as a keylogger and password thief and has been active since 2014. AgentTesla can monitor and collect the victim's keyboard and draft system, while it can capture screenshots and extract credentials for various software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook email client). AgentTesla is sold in various online shopping and hacking forums.

RemcosRemcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents, which are attached to SPAM emails, and is designed to bypass Microsoft Windowss UAC security and run malware with high privileges.

Qrat- QRat is a Java-based remote access Trojan that also acts as a backdoor for keylogging and other spyware. The QRat was introduced in 2015 and has since been sold as a MaaS model in various forums.

XMRig-XMRig is an open source CPU mining software used to extract Monero cryptocurrency. Threateners often abuse this open source software by embedding it in their malware to carry out illegal mining on victims' devices.

The top 5 per country

Malware

Global impact

Greece

Emotet

10.03%

25.28%

Lokibot

1.01%

11.52%

agent Tesla

2.44%

7.02%

Remcos

1.30%

5.62%

QRat

0.39%

3.09%

XMRig

2.03%

3.09%

Are Check Point Software's Global Threat Impact List and ThreatCloud Map based on its ThreatCloud intelligence? Company, the largest network for cooperation in the fight against cybercrime, which provides data on threats and trends in attacks, utilizing a global network of threat detectors.

The ThreatCloud database includes over 3 billion websites and 600 million files daily and detects more than 250 million malware activities each day.

The full list of the top 10 malware families in March can be found on her blog checkpoint.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
emotet, Check Point, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).