Check Point Research (CPR), the research arm of Check Point Software Technologies Ltd., a global leader in cyber security solutions, has released its latest Global Threat Index for August 2022. CPR reports that FormBook is now the most prevalent malware, replacing Emotet, which has held that position since its January resurgence.
FormBook is an infostealer that targets Windows operating systems. Once installed, it can intercept credentials, collect screenshots, monitor and log keystrokes, and download and execute (C&C) files according to its commands. Since its initial discovery in 2016, it has made a name for itself and is marketed on underground hacker forums as Malware-as-a-Service (MaaS), known for its powerful evasion techniques and relatively low price.
Infostealer strong in business
In August, GuLoader activity increased rapidly, resulting in it being the fourth most prevalent malware. GuLoader was originally used to download Parallax RAT, but has since been used to power other remote access Trojans and info-stealers such as Netwire, FormBook, and Agent Tesla. Proliferation usually occurs via large-scale email phishing campaigns that trick the victim into downloading and opening a malicious file to allow the malware to do its work.
Additionally, Check Point Research reports that Android spyware Joker is back in business, ranking third in this month's list of top mobile malware. Once installed, Joker can steal SMS messages, contact lists, device information and enroll the victim in paid premium services without their consent. The increase in the malware can be partly explained by an increase in campaigns, as it was recently detected in some applications on the Google Play Store.
Education & research in attack focus
CPR also revealed this month that the education/research sector remains the industry most targeted by cybercriminals around the world. The second and third most targeted sectors are government/military and healthcare. Apache Log4j Remote Code Execution is again the top exploited vulnerability, affecting 44 percent of organizations worldwide, overtaking Web Server Exposed Git Repository Information Disclosure vulnerability, which affected 42 percent of the companies.
The most commonly exploited vulnerabilities
This month, "Apache Log4j Remote Code Execution" is the top exploited vulnerability, affecting 44 percent of organizations worldwide, followed by "Web Server Exposed Git Repository Information Disclosure," which moved from first to second with a 42 percent share dropped back to second place. The Web Server Malicious URL Directory Traversal vulnerability remains in third place, with a global impact of 39 percent.
More at Checkpoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.