Η Check Point Research, its research department Check Point Software Technologies, he says Trickbot as the most common malware while trojan remote access, nRAT, appears for the first time in the list.
Η Check Point Research, This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. Threat intelligence part of Check Point Software Technologies Ltd., a provider of cybersecurity solutions worldwide, published the Global Threat Index for the month of September 2021. The research team reports that Trickbot returned to the top of the list, while it had fallen to second place in August after a quarterly "kingdom".
The trojan remote access, nRAT entered the top ten for the first time, taking his place Phorpiex which is no longer active. Trickbot is a banking trojan that can steal financial information, account credentials and personal data, as well as spread to a network and launch a ransomware attack. From abolition of Emotet Last January, the Trickbot trojan gained popularity. It is constantly upgraded with new features, characteristics and distribution channels allowing it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
"In the same month that Trickbot "Once again it became the most widespread malware, it was reported that one of the members of this gang was arrested after an investigation in the USA", said the Maya Horowitz, VP Research in Check Point Software. "Apart from other accusations that have been filed this year in the fight against him trojan, we hope that the dominance of the gang will end soon. But, as always, there is still a long way to go. This week our researchers reported that in 2021 there are 40% more attacks per week on organizations worldwide compared to 2020, but most, if not all, of them could have been prevented. "Organizations should no longer delay adopting a prevention-first approach to cybersecurity."
Η CPR also revealed this month that the “Web Server & Hosting Exposed Go Repository Information Disclosure"Is the most common vulnerability to be exploited, affecting 44% of organizations worldwide, followed by"Command Injection About HTTP”Which affects 43% of organizations worldwide. The "HTTP Headers Remote Code Execution”Ranks third in the list of most vulnerable vulnerabilities to exploit, with a global impact of also 43%.
Top malware families
* The arrows refer to the change of the ranking in relation to the previous month.
In September Trickbot is the most popular malware affecting 4% of organizations worldwide, followed by Formbook and XMRig, each affecting 3% of organizations worldwide.
1. ↑ Trickbot - The Trickbot it is one modular Botnet and Banking Trojan which is constantly updated with new features, capabilities and distribution channels. This allows Trickbot be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
2. ↓ Formbook - The Formbook it is one infostealer collects credentials from various web browsers and screenshots, monitors and records keystrokes, and can download and execute files as instructed C&C.
3. ↑ XMRig - The XMRig is a mining software CPU open source used for the cryptocurrency mining process Monero and debuted in May 2017.
The most exploitable vulnerabilities
In September the "Web Server & Hosting Exposed Go Repository Information Disclosure"Is the most exploited vulnerability, affecting 44% of organizations worldwide, followed by"Command Injection About HTTP”Which affects 43% of organizations worldwide. The "HTTP Headers Remote Code Execution”Occupies the third place in the list of the most vulnerable to exploitation, with a global impact also 43%.
1. ↔ Web Server & Hosting Exposed Go Repository Information Disclosure - Vulnerability to information disclosure has been reported in Go Repository. Successfully exploiting this vulnerability could allow unintentional disclosure of account information.
2. ↑ Command Injection About HTTP - A command distribution through its vulnerability has been reported HTTP. A remote intruder can take advantage of this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.
3. ↓ HTTP Headers Remote Code Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) - The HTTP headers allow the client and server to transmit additional information with a request HTTP. A remote intruder can use a vulnerable HTTP header to execute arbitrary code on the victim's machine.
Top Malware for mobile phones
In September xHelper remained at the forefront of the most prevalent mobile malware, followed by AlienBot and FluBot.
1. xHelper - A malicious application that first appeared in March 2019 and is used to download other malicious applications and display ads. The application can be hidden from the user and can even be reinstalled if it is removed.
2. AlienBot - The malware family AlienBot it is one Malware-as-a-Services (MaaS) for Android devices that allow a remote intruder to initially insert malicious code into legitimate financial applications. The attacker gains access to the victims' accounts and eventually takes full control of their device.
3. FluBot - The FluBot is a malware Android distributed via messages (SMS) e-fishing (Phishing) and usually pretends to be transport companies Logistics. As soon as the user clicks on the link in the message, FluBot installs and accesses all sensitive phone information.
The top 10 in GREECE
Impact on Greece
Their families Malware analytically
The agent Tesla is an advanced one RAT (Trojan remote access) which operates as keylogger and password thief. Active since 2014, the agent Tesla can monitor and collect the victim's keyboard and draft system, and can capture screenshots and extract credentials entered for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). The agent Tesla sold openly as legal RAT with customers paying $ 15 - $ 69 for licenses.
The FormBook it is one InfoStealer targeting the operating system of Windows and 2016 was first detected. Advertised on hacking Forums as a tool with powerful avoidance techniques and relatively low prices. The FormBook collects credentials from various website browsers and screenshots, monitors and logs keyboards, and can download and execute files according to instructions C & C given to him.
The Trickbot it is one modular Botnet and T.banking Trojan targeting platforms Windows and mainly transported through spam or from other families malware As the Emotet. It Trickbot sends information about the infected system and can also download and run arbitrarily modules from a wide range of available, such as one VNC module for remote use or one SMB module to spread within an affected network. Once a machine is infected, the threat factors behind the malware Trickbot, use this wide range modules not just to steal banking credentials from the target computer, but also for lateral movement and recognition within the organism itself, before a targeted attack ransomware throughout the company.
The Remcos he is one RAT which first appeared in 2016. The Remcos distributed through its malicious documents Microsoft Office which are attached to emails SPAM and is designed to bypass safety UAC of Microsoft Windowss and run malicious software with high privileges.
The NanoCore it is one Trojan Remote Access, first observed in nature in 2013 and targeting users of the operating system Windows. All its versions RAT have basic add-ons and features like screen capture, cryptocurrency mining, remote desktop control and session theft webcam.
Vidar is an infolstealer that targets Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar has been sold on various online forums and a malware dropper has been used to download GandCrab ransomware as its secondary load.
Known since 2011, the Glupteba is a back door that gradually matured into botnet. Until 2019 it included an address information mechanism C&C through public lists BitCoin, a built-in browser theft feature and a router operator.
A android Spyware on Google Play, designed to steal messages SMS, contact lists and device information. In addition, the malware silently signs the victim for premium services on advertising sites.
The lovgate is a computer "worm" that can spread through network sharing, e-mail, and file sharing networks. Once installed, the program copies various folders to the victim's computer and distributes malicious files that result in remote access to attackers.
The Masslogger is a credential thief.NET. This threat is an identification tool that can be used to extract data from targeted servers.
The Global Threat Impact Index and ThreatCloud Map of Check Point Software, are based on part ThreatCloud intelligence of company. The ThreatCloud provides real-time threat information from hundreds of millions of sensors worldwide, through networks, endpoints, and mobile devices. Intelligence is enriched with AI-based engines and exclusively research data from Check Point Research, the Department Intelligence & Research of Check Point Software Technologies.
The full list of the top 10 malware families in September is available at blog of Check Point.