The Emotet botnet returned to the top spot in Germany very quickly after its revival
Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global provider of cyber security solutions, has published the Global Threat Index for December 2021.
This month, Apache Log4j Remote Code Execution is the most exploited vulnerability, affecting 48.3 percent of companies worldwide. The vulnerability was first reported on December 9 in the Apache logging package Log4j – the most popular Java logging library, used in many Internet services and applications, which has recorded over 400 000 downloads from its GitHub project. The vulnerability set off a new wave of attacks that affected almost half of all companies worldwide within a very short time. Attackers are able to exploit vulnerable applications to run cryptojackers and other malware on compromised servers. So far, most attacks have focused on mining cryptocurrencies at the victims' expense, but advanced attackers have begun to act aggressively and use the vulnerability against high-value targets.
“Log4j dominated the headlines in December. It is one of the most serious vulnerabilities we have ever seen, and due to the complexity of the patches and the simplicity with which Log4j can be exploited, it will probably accompany us for many more years if the companies do not immediately take measures to prevent attacks,” explains Maya Horowitz, Director of Threat Intelligence and Research and Products at Check Point. She continues: “In addition, as we have suspected, it has not taken long for Emotet to take a strong position since its reappearance in November. The malware is good at evading and spreads quickly via phishing emails with malicious attachments or links. It’s now more important than ever to deploy a robust email security solution and make sure users know how to spot a suspicious-looking message or attachment.”
Top 3 Most Wanted Malware for Germany:
The arrows refer to the change in placement from the previous month.
Emotet is now in first place. The second and third places are occupied by Agent Tesla and Formbook.
- ↑ Emotet – Emotet is an advanced, self-propagating and modular Trojan. It was previously used as a banking Trojan, but currently serves as a distributor of other malware or entire campaigns. It uses various methods to stay operational and employs evasion techniques to avoid detection. In addition, it can be spread through phishing emails that contain malicious attachments or links.
- ↔ Formbook – Formbook is an infostealer that taps credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C commands.
- ↓ Agent Tesla – AgentTesla is an advanced RAT that acts as a keylogger and information stealer and is able to monitor and collect the victim’s keystrokes and system clipboard, take screenshots and exfiltrate credentials from a variety of software installed on the victim’s computer (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
The Top 3 Most Wanted Vulnerabilities:
In December, Apache Log4j Remote Code Execution (CVE-2021-44228) was the most exploited vulnerability, affecting 48.3 percent of organizations worldwide, followed by Web Server Exposed Git Repository Information Disclosure with 43.8 percent and HTTP Headers Remote Code Execution with 41.5 percent.
- ↑ Apache Log4j Remote Code Execution (CVE-2021-44228) – A vulnerability in Apache Log4j allows an attacker to execute arbitrary code on the affected system.
- ↔ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
- ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers allow the client and the server to submit additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to execute arbitrary code on the victim machine.
The Top 3 Most Wanted Mobile Malware:
In December, AlienBot remained at number one, xHelper at number two and FluBot at number three.
- ↔ AlienBot – The AlienBot malware family is a malware-as-a-service (MaaS) for Android devices that allows an attacker to inject malicious code into legitimate financial applications as a first step. The attacker gains access to the victims’ accounts and eventually takes complete control of their device.
- ↔ xHelper – A mobile malware that has been active since March 2019 and is used to download other malicious apps and display advertisements. The application is able to hide from the user and can even reinstall itself after it has been uninstalled.
- ↔ FluBot – FluBot is an Android botnet malware that is spread via phishing SMS messages and usually pretends to be a logistics supplier. As soon as the user clicks on the link in the message, FluBot is installed and gains access to all the sensitive information on the phone.
Top 3 of the attacked industries and areas in Germany:
Check Point has recently started tracking this category, now also at the country level.
- Insurance and Legal Services
- Teaching and Research
- Internet Service Provider (ISP) and Managed Service Provider (MSP)
Check Point’s Global Threat Impact Index and its ThreatCloud Map are based on Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat data collected by hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This database is enriched by AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research department of Check Point Software Technologies.