November 2021: the Top 10 malware


Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies, has published its Global Threat Index for November 2021. The researchers report that while Trickbot remains at the top of the list of most prevalent malware, affecting 5% of organizations worldwide, the recently revived Emotet has returned to the list in seventh place.

CPR also reveals that the most attacked sector is Education / Research.


Despite the significant efforts of Europol and many other law enforcement agencies earlier this year to take down Emotet, the infamous botnet was confirmed to be back in action in November and is already the seventh most common malware. Trickbot tops the list for the sixth month in a row and is also involved in Emotet's comeback: the new Emotet variant is installed on infected computers via Trickbot's infrastructure.

Emotet spreads through phishing emails containing infected Word, Excel and Zip files, which deploy Emotet on the victim's computer. The emails carry enticing subject lines, such as breaking news, invoices and fake corporate memos, to get victims to open them. More recently, Emotet has also begun to spread through malicious Windows App Installer packages posing as Adobe software.

"Emotet is one of the most successful botnets in the history of cyberspace and is responsible for the explosion of targeted ransomware attacks we have observed in recent years," said Maya Horowitz, VP Research at Check Point Software. "The return of the botnet in November is extremely worrying, as it could lead to a further increase in such attacks. The fact that it uses Trickbot's infrastructure means it shortens the time it would take to gain a fairly significant foothold in networks around the world. As it spreads via phishing emails with malicious attachments, it is vital that user awareness and education are at the top of organizations' list of cyber security priorities. And anyone who wants to download Adobe software must remember, as with any application, to do so only through official channels."

CPR also revealed that Education / Research was the most attacked sector worldwide in November, followed by Communications and Government / Military. "Web Servers Malicious URL Directory Traversal" is still the most frequently exploited vulnerability, affecting 44% of organizations worldwide, followed by "Web Server & Hosting Exposed Go Repository Information Disclosure", which affects 43.7% of organizations worldwide. "HTTP Headers Remote Code Execution" remains third on the list of most frequently exploited vulnerabilities, with a global impact of 42%.

Top malware families

* The arrows indicate the change in ranking compared with the previous month.

This month, Trickbot is the most prevalent malware, affecting 5% of organizations worldwide, followed by Agent Tesla and Formbook, each with a global impact of 4%.

  1. Trickbot - Trickbot is a modular botnet and banking Trojan that is constantly updated with new features, capabilities and distribution channels. This makes it a flexible and customizable piece of malware that can be distributed as part of multi-purpose campaigns.

  2. Agent Tesla - Agent Tesla is an advanced RAT that works as a keylogger and information stealer, capable of monitoring and collecting the victim's keyboard input and system clipboard, taking screenshots, and exfiltrating credentials from various software installed on the machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).

  3. Formbook - Formbook is an infostealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C.

Top attacked industries worldwide:

This month, Education / Research is the most attacked industry worldwide, followed by Communications and Government / Military.

  1. Education / Research

  2. Communications

  3. Government / Military

Top exploited vulnerabilities

This month, "Web Servers Malicious URL Directory Traversal" is still the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by "Web Server & Hosting Exposed Go Repository Information Disclosure", which affects 43.7% of organizations worldwide. "HTTP Headers Remote Code Execution" remains third on the list of most exploited vulnerabilities, with a global impact of 42%.

  1. Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) - A directory traversal vulnerability exists on various web servers. The vulnerability is due to an input validation error: the web server does not properly sanitize the URL for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.

  2. Web Server & Hosting Exposed Go Repository Information Disclosure - An information disclosure vulnerability has been reported in Go Repository. Successful exploitation could allow unintentional disclosure of account information.

  3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and server pass additional information along with an HTTP request. A remote attacker may use a vulnerable HTTP header to execute arbitrary code on the victim's machine.
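The directory traversal class at the top of this list comes down to one missing check: the server joins the request path onto its document root without confirming that the result still lies inside that root. The following is an added example, not Check Point's code and not taken from any of the affected products. It shows a tiny Python static-file resolver in its vulnerable form beside a hardened one, and the detection-side check that a URL-inspecting IPS rule or log triage script performs. The web root, file names and function names are constructed for illustration.

```python
"""Directory traversal on a static file handler: the defect and the fix.

Constructed example. It maps a request path onto a document root the way a
naive handler does, then the hardened way: repeatedly URL-decode, normalise
separators, resolve the path on the filesystem, and require it to stay
inside the canonical root.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional, Tuple
from urllib.parse import unquote

# Constructed layout: one legitimate file inside the web root and one
# "secret" file just outside it, so an escape is observable.
WEB_ROOT = Path(tempfile.mkdtemp(prefix="webroot_")).resolve()
(WEB_ROOT / "index.html").write_text("hello")
SECRET_FILE = WEB_ROOT.parent / "secret_outside_root.txt"
SECRET_FILE.write_text("TOP SECRET")


def canonical_decode(url_path: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e double encoding) and fold
    backslashes to slashes, so every spelling of '../' looks the same."""
    decoded = url_path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def unsafe_resolve(url_path: str, root: Path = WEB_ROOT) -> Path:
    """Vulnerable: decode once, drop the leading slash, join the strings.
    Nothing checks that the result is still under ``root``."""
    return Path(os.path.join(str(root), unquote(url_path).lstrip("/")))


def safe_resolve(url_path: str, root: Path = WEB_ROOT) -> Optional[Path]:
    """Hardened: canonicalise the input, let the filesystem resolve '..'
    and symlinks, then accept only paths inside the canonical root."""
    decoded = canonical_decode(url_path)
    if "\x00" in decoded:                      # NUL truncation in C APIs
        return None
    candidate = (root / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root.resolve())  # raises if outside root
    except ValueError:
        return None
    return candidate


def is_traversal_attempt(url_path: str) -> bool:
    """Detection-side view (what an IPS signature or log triage rule
    checks): does the canonical form contain a '..' path segment?"""
    return ".." in canonical_decode(url_path).split("/")


def handle_request(url_path: str, hardened: bool = True) -> Tuple[int, bytes]:
    """Return (status, body) the way a minimal static file handler would."""
    target = safe_resolve(url_path) if hardened else unsafe_resolve(url_path)
    if target is None:
        return 403, b""
    if not target.is_file():
        return 404, b""
    return 200, target.read_bytes()


if __name__ == "__main__":
    for probe in ("/index.html", "/../secret_outside_root.txt",
                  "/..%2fsecret_outside_root.txt",
                  "/%252e%252e/secret_outside_root.txt"):
        print(probe, "unsafe:", handle_request(probe, hardened=False)[0],
              "hardened:", handle_request(probe)[0],
              "flagged:", is_traversal_attempt(probe))
```

Two details matter in practice. The double-encoded probe (`%252e%252e`) slips past a handler that decodes only once and happens to fail with a 404, which is why the hardened resolver decodes until the string stops changing rather than a fixed single time. And the containment check is done on the path after `resolve()`, so symlinks inside the root that point outside it are caught as well, which a purely string-based `".." in path` check would miss.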

Top Malicious Mobile Apps

This month, AlienBot ranks first among the most prevalent mobile malware, followed by xHelper and FluBot.

  1. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) offering for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.

  2. xHelper - A malicious application observed in the wild since March 2019, used to download other malicious applications and display ads. The application is capable of hiding itself from the user and can even reinstall itself after being uninstalled.

  3. FluBot - FluBot is an Android botnet distributed via SMS phishing messages, which most often impersonate logistics delivery brands. Once the user clicks the link in the message, FluBot is installed and gains access to all sensitive information on the phone.

AgentTesla - AgentTesla is an advanced RAT (Remote Access Trojan) that acts as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim's keyboard input and clipboard, capture screenshots, and exfiltrate credentials for a variety of software installed on the victim's machine (including Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold openly as a legitimate RAT, with customers paying $15-$69 for licenses.

Formbook - FormBook was first identified in 2016 and is an infostealer targeting the Windows operating system. It is marketed as MaaS on underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as instructed by its C&C.

Trickbot - Trickbot is a modular botnet and banking Trojan that targets the Windows platform and is distributed mainly through spam campaigns or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a wide range of available ones, from a VNC module for remote control to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, use this wide range of modules not only to steal banking credentials from the target computer, but also to move laterally and profile the target organization before launching a targeted ransomware attack across the company.

Vidar - Vidar is an infostealer targeting Windows operating systems. It was first detected in late 2018 and is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and is used as a malware dropper that downloads the GandCrab ransomware as a secondary payload.

Remcos - Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to spam emails, and is designed to bypass Microsoft Windows UAC security and run malware with high-level privileges.

Zapchast - An IRC-controlled backdoor that allows an attacker to gain unauthorized access to and control of an affected machine. When the backdoor runs, it establishes a connection to an IRC (Internet Relay Chat) server. It then creates a bot on a specific channel or IRC server and uses the channel to control its multiple bots and launch distributed denial of service (DDoS) attacks.

Danabot - Danabot is a Trickler that targets the Windows platform. The malware sends information to its control server, then downloads and decrypts a file to be executed on the infected computer. Reportedly, the downloaded loader can download other malicious files onto the network. In addition, the malware creates a shortcut in the user's startup folder to persist on the infected system.

Joker - Android spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising websites.

Strrat - Strrat is a RAT (Remote Administration Trojan). The RAT can steal keystrokes and login credentials stored in browsers, and can remotely control infected Windows operating systems.

xHelper - A malicious application observed in the wild since March 2019, used to download other malicious applications and display ads. The application is capable of hiding itself from the user and reinstalling itself after being uninstalled.

Lokibot - LokiBot was first detected in February 2016 and is an information stealer with versions for both Windows and Android. It harvests credentials from various applications, web browsers, email programs, IT management tools such as PuTTY and more. LokiBot is sold on hacking forums and its source code is believed to have leaked, allowing numerous variants to appear. Since late 2017, some Android versions of LokiBot include ransomware functionality in addition to information stealing.

Check Point Software's Global Threat Impact Index and ThreatCloud Map are powered by the company's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research arm of Check Point Software Technologies.

The full list of the top 10 malware families for November can be found on the Check Point blog.
