Emotet, meanwhile, holds the top spot and has thus regained its throne
Check Point Research has published the Global Threat Index for February 2022.
This month, Check Point Research witnessed hackers exploiting the Ukraine war to trick people into downloading malicious attachments. The most widespread malware in February, Emotet, did just that, namely with emails containing malicious files and the subject “Recall: Military conflict Ukraine-Russia: well-being of our Ukrainian crew member”.
“Currently, some malicious programs, including Emotet, are taking advantage of the public interest in the Ukraine war by creating email campaigns on this topic, which are intended to entice recipients into downloading infected attachments. It is important to always check that a sender’s email address is authentic, to watch for spelling mistakes in emails and not to open attachments or click on links if you suspect that the email is unsafe,” explains Maya Horowitz, Director of Threat Intelligence and Research and Products at Check Point.
Top 3 Most Wanted Malware for Germany:
The arrows refer to the change in placement from the previous month.
Emotet is still in first place. Newcomer Snake Keylogger takes second place and Formbook takes third place.
- ↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. It was previously used as a banking Trojan, but currently serves as a distributor of other malicious programs or entire campaigns. It uses various methods to remain persistent and employs evasion techniques to avoid detection. In addition, it can be spread through phishing emails that contain malicious attachments or links.
- ↑ Snake Keylogger – Snake is a modular .NET keylogger and credential stealer that was first discovered in late November 2020. Its main function is to record users’ keystrokes and transmit the collected data to the attackers. Snake infections pose a major threat to users’ privacy and online security, as the malware can steal virtually all types of sensitive information and is a particularly persistent keylogger that evades detection well.
- ↓ Formbook – FormBook is an infostealer that targets the Windows operating system and was first discovered in 2016. It is marketed in hacking forums as malware-as-a-service (MaaS) because of its strong evasion techniques and relatively low price. FormBook collects and steals credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and run files from its C&C on instruction.
The Top 3 Most Wanted Vulnerabilities:
In February, Web Servers Exposed Git Repository Information Disclosure (46 percent) and Apache Log4j Remote Code Execution (CVE-2021-44228) (44 percent) traded places. In third place is HTTP Headers Remote Code Execution, which affected 41 percent of all companies recorded worldwide.
- ↑ Web Server Exposed Git Repository Information Disclosure – An information-disclosure vulnerability has been reported in Git repositories exposed on web servers. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
- ↓ Apache Log4j Remote Code Execution (CVE-2021-44228) – A vulnerability in Apache Log4j allows a remote attacker to execute arbitrary code.
- ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers allow the client and the server to submit additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim machine.
The Top 3 Most Wanted Mobile Malware:
In January, xHelper rose to number one and AlienBot dropped to number two. FluBot held third place.
- ↑ xLoader – xLoader is an Android spyware and banking Trojan developed by the Yanbian Gang, a Chinese hacker group. This malware uses DNS spoofing to spread infected Android apps and steal personal and financial information.
- ↓ xHelper – A mobile malware that has been in circulation since March 2019 and is used to download other malicious apps and display advertisements. The application is able to hide from the user and can even reinstall itself after it has been uninstalled.
- ↓ AlienBot – The AlienBot malware family is a malware-as-a-service (MaaS) for Android devices that allows an attacker to inject malicious code into legitimate financial applications as a first step. The attacker gains access to the victims’ accounts and eventually takes complete control of their device.
Top 3 of the attacked industries and areas in Germany:
Check Point recently began tracking this category, now also at country level. In February 2022:
- ↑ Hardware manufacturers.
- ↑ Manufacturing.
- ↑ Health.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are based on Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat data collected by hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This database is enriched by AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research department of Check Point Software Technologies.