Check Point revealed that the infamous Trickbot Trojan remains the most prevalent malware variant, affecting 4% of organizations worldwide.
The evolution of new malware variants has become prevalent in the cyberthreat landscape. Cybercriminals continue to create novel malicious code and botnets, or redesign old malware variants, to compromise targeted networks without getting caught. Cybersecurity solutions provider Check Point reported that modular botnets and banking Trojans have become widespread, targeting critical sectors across the globe. Its latest Global Threat Index report, for October 2021, revealed that the infamous Trickbot Trojan remains the most prevalent malware variant, affecting 4% of organizations worldwide. It also found that “Apache HTTP Server Directory Traversal” is the most exploited vulnerability in 2021.
Top Malware Families
Trickbot was once a banking Trojan and has evolved into a prolific malware used in several cyberattacks against businesses and individuals across the globe. Trickbot’s capabilities include lateral movement in the network for maximum damage, exfiltrating user credentials from browsers, stealing cookies and OpenSSH keys, theft of RDP, VNC, and PuTTY credentials, and installing additional payloads like ransomware.
XMRig is open-source CPU mining software used to mine the Monero cryptocurrency and was first seen in the wild in May 2017. The malware has affected 3% of organizations globally.
Remcos is a remote access trojan (RAT) that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges. This malware has affected over 2% of organizations across the globe.
Most Targeted Sectors
While attackers distributed their malware variants globally, the most targeted industries are:
- Education and Research sector
- Government and Military
Top Exploited Vulnerabilities
Check Point stated that Web Servers Malicious URL Directory Traversal is the most commonly exploited vulnerability in October 2021, affecting over 60% of organizations globally, followed by Web Server Exposed Git Repository Information Disclosure, impacting 55% of organizations worldwide, and HTTP Headers Remote Code Execution with a global impact of 54%.
“The Apache vulnerability only came to light early in October and is already one of the top ten most exploited vulnerabilities worldwide, showing how fast attackers move. This vulnerability can lead threat actors to map URLs to files outside the expected document root by launching a path traversal attack. It’s imperative that Apache users have appropriate protection technologies in place. This month, Trickbot, which is often used to drop ransomware, is the most prevalent malware. Globally, one out of every 61 organizations is impacted by ransomware every week. That’s a shocking figure, and companies need to do more. Many attacks start with a simple email, so educating users on how to identify a potential threat is one of the most important defenses an organization can deploy,” said Maya Horowitz, VP of Research at Check Point Software.