In the Check Point global threat index for September 2023, CloudEye is the most widespread malware in Germany. Healthcare facilities are the sector most frequently targeted by attackers.
In August, the multi-purpose malware Qbot, aka Qakbot, was dismantled and shut down by FBI investigators. This ends a long run for Qbot as the most widespread malware, after it topped the global hit list for almost all of 2023.
CloudEye leads the top malware
Check Point's global threat index for September 2023 shows the consequences for the German threat landscape: CloudEye, formerly GuLoader, a downloader that injects malicious programs onto Windows platforms, has taken first place as the most widespread malware in Germany (9.5 percent). The places behind it were also reshuffled and filled with old acquaintances: Emotet moved up to second place (1.92 percent), Nanocore to third place (1.98 percent).
The security researchers also observed changes at every level among the sectors most frequently attacked: the healthcare sector was the primary target this month, followed by IT service providers (ISP/MSP) and the education and research sector.
Top malware in Germany
*The arrows indicate the change in ranking compared to the previous month.
- ↑ CloudEye – CloudEye, formerly called “GuLoader,” is a downloader that targets the Windows platform and is used to download and install malicious programs on victims’ computers.
- ↑ Emotet – Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns. Emotet uses multiple persistence methods and evasion techniques to avoid detection and is distributed via phishing spam emails with malicious attachments or links.
- ↑ Nanocore – NanoCore is a remote access Trojan that targets Windows operating system users and was first observed in the wild in 2013. All versions of the RAT include basic plugins and features such as screen recording, cryptocurrency mining, remote desktop control, and webcam session theft.
Top 3 vulnerabilities
Last month, “Web Servers Malicious URL Directory Traversal” was the most exploited vulnerability, affecting 47 percent of organizations worldwide, followed by “Command Injection Over HTTP” at 42 percent and “Zyxel ZyWALL Command Injection” at 39 percent.
- ↑ Web Server Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – A directory traversal vulnerability exists on various web servers. The vulnerability is due to an input validation error: the web server does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated attackers to read or access arbitrary files on the vulnerable server.
- ↔ Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A command injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. If successfully exploited, the attacker can execute arbitrary code on the target machine.
- ↑ Zyxel ZyWALL Command Injection (CVE-2023-28771) – A command injection vulnerability exists in Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary operating system commands on the affected system.
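Both traversal and command injection are normally caught at the request layer, before user-controlled input reaches the filesystem or a shell. The following Python block is an added example and is not code from the Check Point report or from any of the affected products; it assumes a hypothetical document root `/var/www/html`, a hypothetical ping endpoint, and access-log lines constructed for the demo. It shows a path resolver that rejects traversal only after full percent-decoding (so `%2e%2e`, double encoding and backslashes are covered), a detector that flags traversal attempts in log lines, and the vulnerable shell-string form of a command beside the argv form that cannot be injected.

```python
"""Added example (not from the Check Point report): request-level checks for
directory traversal and HTTP command injection. Document root, hostnames and
log lines below are constructed for the demo."""
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root (hypothetical)


def multi_unquote(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded): catches %2e%2e, %252e%252e, ..."""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s


def resolve_under_root(raw_path: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a request path to a filesystem path, or None if it escapes the root.

    The '..' check runs on the decoded path *before* normalisation, because
    posixpath.normpath('/../../etc/passwd') silently returns '/etc/passwd'.
    A literal '....' segment is left alone: the '....//' trick only beats
    filters that strip '../' once, and nothing is stripped here.
    """
    decoded = multi_unquote(raw_path).replace("\\", "/")
    if "\x00" in decoded or ".." in decoded.split("/"):
        return None
    rel = posixpath.normpath("/" + decoded).lstrip("/")
    full = posixpath.normpath(posixpath.join(root, rel))
    # Defence in depth: the final path must still sit under the root.
    if full != root and not full.startswith(root + "/"):
        return None
    return full


# A '..' segment (slash or backslash delimited) anywhere in the decoded path.
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")
# Request line of a common/combined access log: "METHOD /path HTTP/x.y"
LOG_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def is_traversal_attempt(raw_path: str) -> bool:
    """Flag a request path: a '..' segment after full decoding, or the
    '....//' pattern used against filters that strip '../' a single time."""
    decoded = multi_unquote(raw_path)
    return bool(TRAVERSAL_RE.search(decoded)) or "....//" in decoded


def flag_traversal(log_lines: List[str]) -> List[str]:
    """Return the raw request paths of log lines that look like traversal."""
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.search(line)
        if m and is_traversal_attempt(m.group("path")):
            hits.append(m.group("path"))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Sep/2023:10:01:12 +0200] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Sep/2023:10:01:13 +0200] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 0',
    '10.0.0.9 - - [12/Sep/2023:10:01:14 +0200] "GET /cgi-bin/....//....//etc/shadow HTTP/1.1" 404 0',
    '10.0.0.9 - - [12/Sep/2023:10:01:15 +0200] "GET /files/%252e%252e/%252e%252e/boot.ini HTTP/1.1" 404 0',
    '10.0.0.7 - - [12/Sep/2023:10:01:16 +0200] "GET /docs/..notes.txt HTTP/1.1" 200 88',
]

# Allow-list for a hostname/IP parameter: no shell metacharacters, no leading '-'
# (so the value cannot be parsed as an extra option by the target program).
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")


def ping_command_unsafe(host: str) -> str:
    """Vulnerable pattern: untrusted input spliced into a shell string.
    Passed to subprocess.run(cmd, shell=True), '8.8.8.8; id' runs 'id' too."""
    return f"ping -c 1 {host}"


def ping_command_safe(host: str) -> Optional[List[str]]:
    """Hardened form: allow-list the value and build an argv list for
    subprocess.run(argv) with no shell, so metacharacters are never parsed."""
    if not HOSTNAME_RE.fullmatch(host):
        return None
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    print(flag_traversal(SAMPLE_LOG))
    print(resolve_under_root("/static/..%2f..%2fetc/passwd"))
    print(ping_command_safe("8.8.8.8; id"), ping_command_unsafe("8.8.8.8; id"))
```

The resolver and the detector deliberately disagree on `....//`: the detector flags it because it is a known filter-bypass probe worth logging, while the resolver treats it as a harmless literal directory name because it never strips substrings. Rejecting after decoding, rather than pattern-matching the raw URI, is what closes the encoded variants that the directory traversal signature above covers.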
Top 3 Mobile Malware
Last month, Anubis remained at the top of the most common mobile malware, followed by AhMyth and SpinOk, which swapped places.
- ↔ Anubis – Anubis is a banking Trojan designed for Android mobile phones. Since its initial discovery, it has gained additional features including remote access Trojan (RAT), keylogger and audio recording capabilities, and various ransomware features. It has been discovered in hundreds of different applications on the Google Play Store.
- ↔ AhMyth – AhMyth is a remote access Trojan (RAT) discovered in 2017. It is distributed through Android apps that can be found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which are typically used to steal sensitive information.
- ↔ SpinOk – SpinOk is an Android software module that works as spyware. It collects information about the files stored on the device and is able to forward them to malicious threat actors. The malicious module was found in more than 100 Android apps and had been downloaded more than 421,000,000 times as of May 2023.
Top 3 attacked sectors in Germany
- ↑ Healthcare
- ↑ ISP/MSP
- ↑ Education/Research
Check Point's Global Threat Impact Index and ThreatCloud Map are powered by Check Point's ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and mobile devices. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the research and development department of Check Point Software Technologies.
More at CheckPoint.com
About Check Point: Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. Its solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as a comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.