Cybersecurity company Check Point Research has released its latest Global Threat Index for October 2021.
According to the report, the modular botnet and banking Trojan, Trickbot, remains at the top of the list of most prevalent malware, affecting 4% of organizations worldwide, while “Apache HTTP Server Directory Traversal” has entered the list of the top ten exploited vulnerabilities.
Check Point has also revealed that the most targeted industry is education / research.
Trickbot has been known to steal financial details, account credentials, and personally identifiable information, as well as to spread laterally within a network and drop ransomware.
Since Emotet’s takedown in January, Trickbot has appeared at the top of the most prevalent malware list five times.
It is constantly updated with new capabilities, features, and delivery vectors, allowing it to be a flexible and customizable malware that can be distributed as part of multipurpose campaigns.
In addition, a new vulnerability, “Apache HTTP Server Directory Traversal”, has entered the list of the top ten exploited vulnerabilities in October, in 10th place.
“The Apache vulnerability came to light in early October and is already one of the ten most exploited vulnerabilities in the world, demonstrating how quickly attackers move. This vulnerability can lead threat actors to map URLs to files outside of the expected document root by launching a cross-path attack,” said Maya Horowitz, vice president of research at Check Point Software.
Check Point also revealed this month that Education / Research is the industry most under attack globally, followed by Communications and Government / Military.
“Malicious web server URL directory crossing” is the most commonly exploited vulnerability, affecting 60% of organizations globally, followed by “Git repository information disclosure exposed to web server”, affecting 55% of organizations worldwide.
“Remote Execution of HTTP Header Code” remains third on the list of top exploited vulnerabilities, with an overall impact of 54%.
Here is a summary of the company report:
Main malware families
This month, Trickbot is the most popular malware, affecting 4% of organizations worldwide, followed by XMRig with 3% and Remcos with 2%.
In Kenya, the most popular malware is Floxif which affects 17.24% of organizations in the country, followed by Ramnit with 12.64% and XMRig with 8.05%.
- Floxif – Floxif is an information stealer and a backdoor, designed for the Windows operating system. It was used in 2017 as part of a large-scale campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleaning utility), infecting more than 2 million users, including large technology companies such as Google, Microsoft, Cisco and Intel.
- Ramnit – Ramnit is a banking Trojan that incorporates lateral movement capabilities. Ramnit steals information from the web session, allowing the worm’s operators to steal the account credentials of all the services used by the victim, including bank, corporate and social media accounts.
- XMRig – First seen in the wild in May 2017, XMRig is open source CPU mining software used to mine the Monero cryptocurrency.
Top mobile malware
This month, xHelper remains in first place among the most prevalent mobile malware, followed by AlienBot and XLoader.
1. xHelper – A malicious application seen in the wild since March 2019, used to download other malicious applications and display ads. The application can hide itself from the user and can even reinstall itself if it is uninstalled.
2. AlienBot – The AlienBot family of malware is malware as a service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to the victims’ accounts and ultimately completely controls their device.
3. XLoader – XLoader is an Android banking and spyware Trojan developed by Yanbian Gang, a Chinese hacker group. This malware uses DNS spoofing to distribute infected Android applications in order to collect personal and financial information.
Main countries attacked worldwide
This month, Education / Research is the industry most attacked globally, followed by Communications and Government / Military.
- Education / Research
- Government / Military