February 2021’s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown – Check Point Software

February 2021’s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown - Check Point Software

Check Point Research reports that following the international police operation that took control of Emotet in January, Trickbot has become the new top global threat used by cybercriminals

Our latest Global Threat Index for February 2021 has revealed that the Trickbot trojan has topped the Index for the first time, rising from third position in January.

Following the takedown of the Emotet botnet in January, Check Point researchers report that cyber-criminal groups continue to utilize other top threats, with malware such as Trickbot using new techniques for their malicious activities. During February, Trickbot was being distributed via a malicious spam campaign designed to trick users in the legal and insurance sectors into downloading a .zip archive with a malicious JavaScript file to their PCs. Once this file is opened, it attempts to download a further malicious payload from a remote server.

Trickbot was the 4th most prevalent malware globally during 2020, impacting 8% of organizations.  It played a key role in one of the highest-profile and expensive cyberattacks of 2020, which hit Universal Health Services (UHS), a leading healthcare provider in the U.S. UHS was hit by Ryuk ransomware, and stated the attack cost it $67 million in lost revenues and costs. Trickbot was used by the attackers to detect and harvest data from UHS’ systems, and then to deliver the ransomware payload.

Check Point Researchers say criminals will continue using the existing threats and tools they have available, and Trickbot is popular because of its versatility and its track record of success in previous attacks.  Even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide, so organizations must ensure they have robust security systems in place to prevent their networks being compromised and minimise risks. Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails which spread Trickbot and other malware.

Check Point Research also warns that “Web Server Exposed Git Repository Information Disclosure” is the most common exploited vulnerability, impacting 48% of organizations globally, followed by “HTTP Headers Remote Code Execution (CVE-2020-13756)” which impact 46% of organizations worldwide. “MVPower DVR Remote Code Execution” is third place in the top exploited vulnerabilities list, with a global impact of 45%.

Top malware families

*The arrows relate to the change in rank compared to the previous month.

This Month, Trickbot ranks as most popular malware impacting 3% of organizations globally, closely followed by XMRig and Qbot which also impacted 3% of organizations worldwide respectively.

Top exploited vulnerabilities

This month Web Server Exposed Git Repository Information Disclosure” is the most common exploited vulnerability, impacting 48% of organizations globally, followed by “HTTP Headers Remote Code Execution (CVE-2020-13756)” which impact 46% of organizations worldwide. “MVPower DVR Remote Code Execution” is third place in the top exploited vulnerabilities list, with a global impact of 45%.

Top mobile malwares

This month, Hiddad holds 1st place in the most prevalent mobile malware, followed by xHelper and FurBall.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.