October 2022: Most common malware

Check Point Research reports a significant increase in Lokibot attacks in October, putting it in third place for the first time in five months. A new vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla ranked first as the most widespread malware.


Check Point® Software Technologies Ltd., a provider of global cybersecurity solutions, has published its Global Threat Index for October 2022. This month, the AgentTesla keylogger took the top spot as the most prevalent malware, affecting 7% of organizations worldwide. There was a significant increase in the number of attacks by the infostealer Lokibot, which reached third place for the first time in five months. A new vulnerability, Text4Shell, affecting the Apache Commons Text library, was also disclosed.

Lokibot is a commodity infostealer designed to collect credentials from a variety of applications, including web browsers, email programs, and IT management tools. As a trojan, its goal is to sneak, undetected, into a system by disguising itself as a legitimate program. It can be distributed via phishing emails, malicious websites, SMS and other messaging platforms. Its increase in popularity can be explained by the rise in spam campaigns themed around online enquiries, orders and payment confirmation messages.

A new critical vulnerability, Text4Shell (CVE-2022-42889), was also disclosed in October. Found in Apache Commons Text, it allows attacks over a network, without requiring specific privileges or user interaction. Text4Shell is reminiscent of the Log4Shell vulnerability, which a year later is still one of the top threats, ranking second on October's list. Although Text4Shell didn't make the list of top exploited vulnerabilities this month, it has already affected over 8% of organizations worldwide and Check Point will continue to monitor its impact.

“We saw a lot of changes in the rankings this month, with a new set of malware families making up the top three. It is interesting that Lokibot moved back up to third so quickly, which shows a growing trend towards phishing attacks. As we head into November, which is a busy shopping period, it's important that people remain vigilant and watch out for suspicious emails that could carry malicious code. Look out for signs like an unknown sender, a request for personal information, and links. If in doubt, visit the websites directly and find appropriate contact information from verified sources and ensure you have anti-malware installed,” said Maya Horowitz, Vice President of Research at Check Point Software.

CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, affecting 43% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”, with an impact of 41%. In October, the Education/Research sector also remained in first place as the most attacked industry worldwide.

Top malware families

* The arrows refer to the change in rank compared to the previous month.

AgentTesla was the most prevalent malware this month, affecting 7% of organizations worldwide, followed by SnakeKeylogger, which affects 5%, and Lokibot, with an impact of 4%.

  1. AgentTesla - AgentTesla is an advanced RAT that works as a keylogger and information stealer. It is capable of monitoring the victim's system, collecting keyboard input, taking screenshots and extracting credentials for various software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
  2. SnakeKeylogger - SnakeKeylogger is a modular .NET keylogger and credential stealer first detected in November 2020. Its main function is to record user keystrokes and forward the collected data to threat actors. It is a major threat to a user's online security as this malware can intercept all kinds of sensitive information and is highly deficient.
  3. Lokibot - Lokibot is a spyware that is distributed primarily through phishing emails and is used to steal various data, such as e-mail credentials, as well as passwords to cryptocurrency wallets and FTP servers.

The top industries under attack worldwide

In October, the Education/Research sector remained in first place as the most attacked sector worldwide, followed by the Government/Military sector and Healthcare.

  1. Education/Research
  2. Government/Military
  3. Healthcare

Top exploited vulnerabilities

This month, “Web Server Exposed Git Repository Information Disclosure” remains the most commonly exploited vulnerability, affecting 43% of organizations worldwide. It is followed by “Apache Log4j Remote Code Execution”, which remains in second place with an impact of 41%, and “HTTP Headers Remote Code Execution”, which ranks third with a global impact of 39%.

  1. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability was reported in Git Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.
  2. Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
  3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers allow the client and server to pass additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim's machine.

Top Malicious Mobile Apps

This month, Anubis retained the top spot as the most prevalent mobile malware, followed by Hydra and Joker.

  1. Anubis - Anubis is a malicious banking Trojan designed for Android mobile phones. Since it was first identified, it has acquired additional functions such as Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities, as well as various ransomware functions. It has been identified in hundreds of different applications available in the Google Store.
  2. Hydra - Hydra is a banking Trojan designed to steal financial credentials by asking victims to enable risky permissions.
  3. Joker - Joker is an Android spyware found on Google Play, designed to steal SMS messages, contact lists and device information. The malware can also sign the victim up for paid premium services without their consent or knowledge.

Greece Top Malware

| Malware family name | Global impact | Country impact |
|---|---|---|
| Lokibot | 4.70% | 8.75% |
| SnakeKeylogger | 4.80% | 7.00% |
| AgentTesla | 7.15% | 3.79% |
| Formbook | 2.45% | 2.92% |
| Joker | 0.12% | 2.62% |
| XMRig | 3.45% | 2.33% |
| Badur | 0.59% | 2.04% |
| Icedid | 3.96% | 2.04% |
| XLoader | 0.89% | 1.75% |
| Teabot | 0.07% | 1.75% |
| Ramnit | 2.11% | 1.75% |

The Global Threat Impact Index and ThreatCloud Map of Check Point Software are based on the company's ThreatCloud intelligence, which provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile phones. The ThreatCloud intelligence is enriched with AI-based data and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.

The full list of the top 10 malware families in October 2022 is available on the Check Point blog.


Written by newsbot
