The evolution of new malware variants has become prevalent in the cyberthreat landscape. Cybercriminals continue to create novel malicious codes, botnets, or redesign old malware variants to compromise the targeted networks without getting caught. Cybersecurity solutions provider Check Point reported that modular botnets and banking Trojans have become widespread, targeting critical sectors across the globe. Its latest Global Threat Index for October 2021 report revealed that the infamous Trickbot Trojan remains the most prevalent malware variant, affecting 4% of organizations worldwide. It’s also found that “Apache HTTP Server Directory Traversal” is the most exploited vulnerability in 2021.
Top Malware Families
1. Trickbot
Trickbot malware was once a banking Trojan and evolved as a prolific malware used in several cyberattacks against businesses and individuals across the globe. Trickbot’s capabilities include lateral movement in the network for maximum damage, exfiltrating user credentials from browsers, stealing cookies and OpenSSH keys, theft of RDP, VNC, and PuTTY credentials, and installing additional payloads like ransomware.
2. XMRig
XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency and was first seen in the wild in May 2017. The malware has affected 3% of organizations globally.
3. Remcos
Remcos is a remote access trojan (RAT) that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents attached to SPAM emails and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges. This malware has affected over 2% of organizations across the globe.
Also Read: Best way to handle malware attacks is automation and continuous monitoring
Most Targeted Sectors
While attackers distributed their malware variants globally, the most targeted industries are:
- Education and Research sector
- Communications
- Government and Military
Top Exploited Vulnerabilities
Check Point stated that Web Servers Malicious URL Directory Traversal is the most commonly exploited vulnerability in October 2021, affecting over 60% of organizations globally, followed by Web Server Exposed Git Repository Information Disclosure, impacting 55% of organizations worldwide, and HTTP Headers Remote Code Execution with a global impact of 54%.
“The Apache vulnerability only came to light early in October and is already one of the top ten most exploited vulnerabilities worldwide, showing how fast attackers move. This vulnerability can lead threat actors to map URLs to files outside the expected document root by launching a path traversal attack. It’s imperative that Apache users have appropriate protection technologies in place. This month, Trickbot, which is often used to drop ransomware, is the most prevalent malware. Globally, one out of every 61 organizations is impacted by ransomware every week. That’s a shocking figure, and companies need to do more. Many attacks start with a simple email, so educating users on how to identify a potential threat is one of the most important defenses an organization can deploy,” said Maya Horowitz, VP of Research at Check Point Software.
Mitigation
Explaining on how organizations can mitigate the significance risks from evolving malware threats, Prakash Bell, Customer Success Head and Security Engineer Team Lead, Check Point Software Technologies, India, said, “Several Malwares are very difficult for a “non-technical” eye to recognize. Therefore, if you suspect you have been infected it would be wise to consult with a security professional or use third party tools and protections designed to identify, block and even remove this threat from your computer.”
Prakash Bell also recommended certain security precautions which include:
- Go to Check your username in the OS
- Go to /Users/[username]/Library/LaunchAgents directory
- Check for suspicious filenames in this directory (example below is a random name) /Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist
- Remove the suspicious file
Some preventive measures to both Mac and Window users:
- Not open suspicious attachments
- Avoid visiting suspicious websites
- Use 3rd party protection software to help identify and prevent malicious behavior on their computer
