Trickbot once again at the top of the list

GlobeNewswire
2021-10-08

Check Point Research reports that Trickbot is the most prevalent malware while the remote access Trojan, njRAT, entered the index for the first time.

SAN CARLOS, Calif., Oct. 08, 2021 (GLOBE NEWSWIRE) – Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), one of the world’s leading providers of cybersecurity solutions, released its latest Global Threat Index for September 2021. Researchers report that Trickbot returned to the top of the list after falling to second place in August at the end of a three-month reign.

The remote access Trojan njRAT entered the top ten for the first time, replacing the no longer active Phorpiex. Trickbot is a banking Trojan that can steal financial details, account credentials and personally identifiable information, as well as spread within a network and drop ransomware. Since Emotet’s takedown in January, the Trickbot Trojan has grown in popularity. It is constantly updated with new distribution capabilities, features and vectors, which makes it a flexible and customizable malware that can be distributed through multi-purpose campaigns.

“The same month that Trickbot once again became the most prevalent malware, it was reported that one of the Trickbot gang members had been arrested following a US investigation,” said Maya Horowitz, VP Research at Check Point Software. “In addition to the other charges that have been filed this year in the fight against the Trojan horse, we hope that the domination of the gang will soon be undermined. But, as always, there is still a long way to go. This week, our researchers reported that there were 40% more attacks per week on organizations in 2021 compared to 2020 globally, but most of them, if not all, could have been prevented. Organizations should soon adopt a prevention-focused approach to cybersecurity.”

CPR also revealed this month that “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, affecting 44% of organizations globally, followed by “Command Injection Over HTTP”, which affects 43% of organizations globally. “HTTP Headers Remote Code Execution” ranks third in the list of most exploited vulnerabilities, with an overall impact of 43% as well.

Top malware families

* The arrows correspond to the change in rank compared to the previous month.

This month, Trickbot is the most popular malware, affecting 4% of organizations worldwide, followed by Formbook and XMRig, each impacting 3% of organizations worldwide.

1. ↑ Trickbot – Trickbot is a modular banking botnet and Trojan horse that is constantly updated with new capabilities, features and delivery vectors. This allows Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
2. ↓ Formbook – Formbook is an infostealer that collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and run files based on its C&C commands.
3. XMRig – XMRig is open-source CPU mining software used to mine the Monero cryptocurrency; it was first seen in the wild in May 2017.

Top exploited vulnerabilities

This month, “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, affecting 44% of organizations globally, followed by “Command Injection Over HTTP” which affects 43% of organizations globally. “HTTP Headers Remote Code Execution” ranks third in the list of most exploited vulnerabilities, with an overall impact of 43% as well.

1. Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
2. Command Injection Over HTTP – A command injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.
3. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP header to run arbitrary code on the victim machine.
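As a defender-side illustration of the first entry in this list, the following is an added example (not Check Point’s code, nor part of the original release) that scans web server access-log lines for requests touching a .git directory and separates probes the server blocked from requests it actually served, which is what turns a probe into an information disclosure. The log lines, addresses and paths are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format (not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Oct/2021:10:01:05 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Oct/2021:10:01:06 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Oct/2021:10:02:11 +0000] "GET /app/.git/HEAD HTTP/1.1" 403 199 "-" "curl/7.68.0"
198.51.100.9 - - [08/Oct/2021:10:02:12 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "curl/7.68.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# Any path component named ".git" (root or sub-directory deployments alike).
GIT_PATH_RE = re.compile(r'(^|/)\.git(/|$)')

def classify_git_requests(log_text):
    """Return (served, blocked) lists of (ip, path, status) for requests that
    touch a .git directory. 'served' = 2xx, i.e. repository metadata actually
    left the server; 'blocked' = any other status (403/404/...)."""
    served, blocked = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash on it
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not GIT_PATH_RE.search(path):
            continue
        record = (m.group("ip"), path, int(m.group("status")))
        (served if 200 <= record[2] < 300 else blocked).append(record)
    return served, blocked

def summarize(log_text):
    """Counts suitable for an alert: how many .git requests were served,
    how many were blocked, and which source addresses were involved."""
    served, blocked = classify_git_requests(log_text)
    by_ip = Counter(ip for ip, _, _ in served + blocked)
    return {"served": len(served), "blocked": len(blocked), "sources": dict(by_ip)}

if __name__ == "__main__":
    served, blocked = classify_git_requests(SAMPLE_LOG)
    for ip, path, status in served:
        print(f"EXPOSED  {ip} fetched {path} (HTTP {status})")
    for ip, path, status in blocked:
        print(f"probed   {ip} tried {path} (HTTP {status})")
    print(summarize(SAMPLE_LOG))
```

A served .git/HEAD or .git/config in the log means the repository metadata has already been disclosed; the fix is to deny the directory at the web server and deploy from a build artifact rather than a checkout.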

Top mobile malware

This month, xHelper remains the number one most common mobile malware, followed by AlienBot and FluBot.

1. xHelper – A malicious application seen in the wild since March 2019, used to download other malicious apps and display advertisements. The application is able to hide itself from the user and can even reinstall itself if uninstalled.
2. AlienBot – The AlienBot malware family is malware as a service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to the victims’ accounts and eventually gains full control of their device.
3. FluBot – FluBot is an Android botnet malware distributed via phishing SMS messages, most often impersonating logistics delivery brands. Once the user clicks the link inside the message, FluBot is installed and gains access to all sensitive information on the phone.

Check Point’s Global Threat Impact Index and ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat information derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-powered engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.

The full list of the top 10 malware families for September is available on the Check Point blog.

Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_

About Check Point Research
Check Point Research (CPR) provides cutting-edge cyber threat intelligence to Check Point Software customers and the entire intelligence community. The research team collects and analyzes global cyber attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point solutions are updated with the latest protections. The research team consists of more than 100 analysts and researchers cooperating with other security providers, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cybersecurity solutions to businesses and governments around the world. Check Point Infinity’s portfolio of solutions protects businesses and public organizations from 5th generation cyber attacks with an industry-leading catch rate for malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and Gen V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and data centers, all controlled by the industry’s most comprehensive and intuitive unified security management. Check Point protects more than 100,000 organizations of all sizes.
