Top 10 malware for November 2021

Check Point Research (CPR), the threat intelligence arm of Check Point Software Technologies, has published its Global Threat Index for November 2021. The researchers report that while Trickbot remains at the top of the list of the most prevalent malware, affecting 5% of organizations worldwide, the recently revived Emotet has returned to seventh place on the list.

CPR also reveals that the sector receiving the most attacks is Education/Research.


Despite the significant efforts of Europol and many other law enforcement agencies earlier this year to take down Emotet, the infamous botnet was confirmed to be back in action in November and is already the seventh most prevalent malware. Trickbot tops the list for the sixth month running and is even involved in the new variant of Emotet, which is installed on infected computers through Trickbot's infrastructure.

Emotet spreads through phishing emails containing infected Word, Excel and Zip files, which deploy Emotet on the victim's computer. The emails carry enticing subject lines such as current news, invoices and fake company memos to lure victims into opening them. More recently, Emotet has also begun spreading through malicious Windows App Installer packages posing as Adobe software.

"Emotet is one of the most successful botnets in the history of cyberspace and is responsible for the explosion of targeted ransomware attacks that we have observed in recent years," said Maya Horowitz, VP Research at Check Point Software. "The botnet's return in November is extremely worrying, as it could lead to a further increase in such attacks. The fact that it uses Trickbot's infrastructure means it shortens the time it would take to gain a fairly significant foothold in networks around the world. As it spreads via phishing emails with malicious attachments, it is vital that user awareness and education are at the top of organizations' list of cyber security priorities. And anyone who wants to download Adobe software must remember, as with any application, to do so only through official means."

CPR also revealed that Education/Research is the most attacked sector worldwide for November, followed by Communications and Government/Military. "Web Servers Malicious URL Directory Traversal" is still the most frequently exploited vulnerability, affecting 44% of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure", which affects 43.7% of organizations worldwide. "HTTP Headers Remote Code Execution" remains in the top three of the most frequently exploited vulnerabilities, with a global impact of 42%.

Top malware families

* The arrows indicate the change in ranking compared with the previous month.

This month, Trickbot is the most prevalent malware, affecting 5% of organizations worldwide, followed by Agent Tesla and Formbook, both with a global impact of 4%.

  1. Trickbot - Trickbot is a modular botnet and banking Trojan that is constantly updated with new capabilities, features and distribution vectors. This allows it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

  2. Agent Tesla - Agent Tesla is an advanced RAT that works as a keylogger and information stealer, capable of monitoring and collecting the victim's keyboard input, system clipboard, screenshots, and credentials from various software installed on the machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).

  3. Formbook - Formbook is an InfoStealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C.

Leading attacks in industries worldwide:

This month, Education/Research is the most attacked industry worldwide, followed by Communications and Government/Military.

  1. Education / Research

  2. Communications

  3. Government/Military

Top exploited vulnerabilities

This month, "Web Servers Malicious URL Directory Traversal" is still the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure", which affects 43.7% of organizations worldwide. "HTTP Headers Remote Code Execution" remains in the top three of the most exploited vulnerabilities, with a global impact of 42%.

  1. Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) - A directory traversal vulnerability exists in various web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the URL for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.

  2. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.

  3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information along with an HTTP request. A remote attacker may use a vulnerable HTTP header to run arbitrary code on the victim's machine.
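The directory traversal entry above describes the missing input validation in general terms. The following is an added example, not code from Check Point or the article, showing what that validation looks like in a web server handler (decode the URL path, then refuse anything that climbs above the webroot) together with a scan of constructed access-log lines for the same patterns; the webroot path, the log format and the sample lines are assumptions.

```python
"""Webroot path resolution that rejects directory traversal.
Added example (not Check Point's or the article's code): the URL
sanitization the "Web Servers Malicious URL Directory Traversal" entry
describes as missing, plus a scan over constructed access-log lines."""
import re
from pathlib import PurePosixPath
from urllib.parse import unquote
WEBROOT = PurePosixPath("/var/www/html")  # hypothetical document root
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [01/Nov/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Nov/2021:10:00:03 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
]


def decode_path(raw: str) -> str:
    """Percent-decode until stable (defeats %252e double encoding); backslash counts as a separator."""
    decoded = raw
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def resolve_request_path(raw: str, webroot: PurePosixPath = WEBROOT):
    """File under webroot for a request path, or None on a NUL byte or a '..' that climbs above webroot."""
    path = decode_path(raw.split("?", 1)[0])  # drop the query string
    if "\0" in path:
        return None
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:  # escape attempt: nothing left to pop
                return None
            parts.pop()
        else:
            parts.append(seg)
    return webroot.joinpath(*parts)


def scan_access_log(lines):
    """Request paths from combined-log-format lines that the resolver rejects."""
    hits = []
    for line in lines:
        m = REQ_RE.search(line)
        if m and resolve_request_path(m.group(1)) is None:
            hits.append(m.group(1))
    return hits
```

Applied to SAMPLE_LOG, the scan flags only the double-dot request, which a server that sanitizes before resolving would have refused rather than served.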

Top Malicious Mobile Apps

This month, AlienBot ranks first among the most prevalent mobile malware, followed by xHelper and FluBot.

  1. AlienBot - The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to victims' accounts and eventually takes full control of their device.

  2. xHelper - A malicious application seen in the wild since March 2019, used to download other malicious applications and display advertisements. The app is able to hide itself from the user and can even reinstall itself if it has been uninstalled.

  3. FluBot - FluBot is an Android botnet distributed via SMS phishing messages, which most often impersonate logistics brands. Once the user clicks the link in the message, FluBot installs and gains access to all sensitive information on the phone.

Agent Tesla - AgentTesla is an advanced RAT (Remote Access Trojan) that acts as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim's keyboard input and system clipboard, and can capture screenshots and exfiltrate credentials entered for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client). AgentTesla is openly sold as a legitimate RAT, with customers paying $15 to $69 for licenses.

Formbook - FormBook was first identified in 2016 and is an InfoStealer targeting the Windows operating system. It is marketed as MaaS in underground hacking forums for its powerful evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files as instructed by its C&C.

Trickbot - Trickbot is a modular botnet and banking Trojan targeting the Windows platform, mainly distributed through spam campaigns or by other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a wide range of available modules: from a VNC module for remote control to an SMB module for propagation within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, use this wide range of modules not only to steal banking credentials from the target computer, but also for lateral movement and reconnaissance of the target organization itself, before launching a targeted company-wide ransomware attack.

Vidar - Vidar is an infostealer targeting Windows operating systems. It was first detected in late 2018 and is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and is used as a malware dropper that downloads the GandCrab ransomware as a secondary payload.

Remcos - Remcos is a RAT that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to SPAM emails and is designed to bypass Microsoft Windows UAC security and run malware with high-level privileges.

Zapchat - An IRC-controlled backdoor that allows an attacker to gain unauthorized access to and control of an affected machine. When the backdoor runs, it establishes a connection to an IRC (Internet Relay Chat) server. It then creates a bot on a specific channel or IRC server and uses the channel to control its multiple bots and launch distributed denial of service (DDoS) attacks.

Danabot - Danabot is a Trickler targeting the Windows platform. The malware sends information to its control server and downloads and decrypts a file to run on the infected computer. Reportedly, the downloaded module can download other malicious files onto the network. Additionally, the malware creates a shortcut in the user's Startup folder to ensure it persists on the infected system.

Joker - An Android spyware on Google Play, designed to steal SMS messages, contact lists and device information. In addition, the malware silently signs the victim up for premium services on advertising sites.

StrRAT - StrRAT is a RAT (Remote Administration Trojan). The RAT can steal keystrokes and login credentials stored in browsers, and can remotely control infected Windows operating systems.

xHelper - A malicious application observed in the wild since March 2019, used to download other malicious applications and display ads. The application is able to hide itself from the user and reinstall itself if it has been uninstalled.

LokiBot - LokiBot was first detected in February 2016 and is an information stealer with versions for both Windows and Android OS. It harvests credentials from various applications, web browsers, e-mail clients, IT management tools such as PuTTY and more. LokiBot is sold on hacking forums, and it is believed that its source code was leaked, allowing numerous variants to appear. As of late 2017, some LokiBot versions for Android include ransomware functionality in addition to their information-stealing capabilities.

Check Point Software's Global Threat Impact Index and ThreatCloud Map are based on the company's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research division of Check Point Software Technologies.

The full list of the top 10 malware families in November can be found on the Check Point blog.


Written by newsbot
