Check Point Research has revealed that Trickbot is once again the most popular malware, according to its Global Threat Index report for September 2021. A remote access trojan, njRAT, was also added to the top 10 list for the first time ever.
TrickBot traces its roots back to 2016 as a modular banking trojan designed to steal financial data, credentials and personal data, as well as distribute other malware to infected systems.
Bad actors typically delivered TrickBot via email campaigns based on current events (such as COVID-19) or financial incentives to trick users into opening up malicious file attachments (such as Word or Excel macro-enabled docs).
Last year, researchers discovered TrickBot further added a propagation module with nworm to evade detection and target Active Directory domain controllers.
According to the latest Check Point Research (CPR) report, Trickbot continued to add new features and gain popularity after authorities took down Emotet in January of this year.
“It is constantly being updated with new capabilities, features and distribution vectors which enables it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns,” CPR wrote in a blog post on October 8, 2021.
However, one of the Trickbot group’s members was arrested that same month, September, following earlier US cybercrime investigations.
Top malware families
According to the research, the top ten most popular malware families include (as of September, 2021):
In addition to the newly added njRAT trojan, Trickbot, XMRig, Tofsee, and Floxif also moved up the list as compared to the previous month. The others dropped or remained the same from August.
CPR also added that Trickbot affected 4% of organizations worldwide, whereas Formbook and XMRig each impacted 3% of all global entities.
In addition, xHelper, AlienBot and FluBot were the most popular mobile malware threats.
Top most exploited vulnerabilities
Moreover, CPR also listed these top 10 most exploited vulnerabilities:
CPR explained that the top 3 on this list each impacted almost half of organizations worldwide.
“CPR also revealed this month that ‘Web Server Exposed Git Repository Information Disclosure’ is the most commonly exploited vulnerability, impacting 44% of organizations globally, followed by ‘Command Injection Over HTTP’ which affects 43% of organizations worldwide. ‘HTTP Headers Remote Code Execution’ takes third place in the top exploited vulnerabilities list, with a global impact of 43% as well,” CPR said in the report.
It is also noteworthy that some of these vulnerabilities have remained among the most commonly exploited for several years now, such as IoT vulnerability exploits or Verint’s Top 20 most exploited vulnerabilities, released in December 2019.
Also, external-facing systems, such as web servers, routers and remote virtual private network (VPN) devices, continue to be popular targets.
Readers can review the full Check Point Research report for more details, as well as related articles below.