The new Global Threat Index for July 2023 shows which sectors were attacked particularly heavily: the new number 1 is utilities, followed by the transport sector and then the software providers.
The top 3 most attacked sectors in Germany have changed completely compared to June: Utilities took first place in July, followed by transport and software providers.
Malware Formbook still hyperactive
The Formbook malware took first place again this month, putting the infostealer ahead of Guloader, which takes second place. Qbot, first in the previous month, has dropped to third place in July. All three are types of malware primarily intended to steal information.
“This time of year is perfect for hackers. As many capitalize on the holidays, organizations are grappling with reduced or changing staffing, which can impact their ability to monitor threats and mitigate risk,” said Maya Horowitz, VP Research at Check Point Software Technologies. “Introducing automated and consolidated security processes can help organizations keep their processes running during the holiday season. In-depth employee training is also recommended.”
Top ranking of malware in Germany
The arrows in front refer to the change in the ranking compared to the previous month.
Formbook was the most prevalent malware last month with a 14 percent impact on German organizations, followed by Guloader with a national impact of 10 percent and Qbot with 5 percent.
1. ↑ Formbook – Formbook is an info-stealer targeting the Windows operating system and was first discovered in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums due to its strong evasion techniques and relatively low price. FormBook collects login information from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and run files when instructed by its C&C.
2. ↔ Guloader – Guloader is a downloader that has been widely used since December 2019. When it first appeared, GuLoader was used to download Parallax RAT, but was also used for other remote access trojans and info thieves such as Netwire, FormBook, and Agent Tesla.
3. ↓ Qbot – Qbot AKA Qakbot is a multipurpose malware that first appeared in 2008. It is designed to steal a user's login credentials, record keystrokes, steal cookies from browsers, spy on banking activity and install additional malware. Commonly distributed via spam emails, Qbot uses multiple anti-VM, anti-debugging, and anti-sandbox techniques to complicate analysis and evade detection. As of 2022, it is one of the most widespread Trojans.
Top 3 exploited vulnerabilities
Last month, Web Server Malicious URL Directory Traversal was the top exploited vulnerability globally, affecting 49 percent of organizations worldwide, followed by Apache Log4j Remote Code Execution at 45 percent and HTTP Headers Remote Code Execution with a global impact of 42 percent.
1. ↔ Web Server Malicious URL Directory Traversal - A directory traversal vulnerability exists in various web servers. It is due to an input validation error in a web server that does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated attackers to expose or access arbitrary files on the vulnerable server.
2. ↔ Apache Log4j Remote Code Execution (CVE-2021-44228) - There is a vulnerability in Apache Log4j that allows remote code execution. Successful exploitation of this vulnerability could allow a remote attacker to run arbitrary code on the affected system.
3. ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers allow the client and server to convey additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to run arbitrary code on the victim computer.
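The directory traversal item above comes down to a server trusting a URI that still contains `..` segments after decoding. The following is an added example, not code from the report or from Check Point: a hardened path resolver that URL-decodes repeatedly (so double-encoded `%252e%252e` is not missed) and only serves files that resolve inside the web root, plus a detection pass over a few constructed request lines. The web root `/var/www` and the sample requests are assumptions for the demo.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample request lines (not from the report), in a minimal
# "METHOD PATH" form. The last three carry traversal patterns; the second
# contains ".." but still resolves inside the web root.
SAMPLE_REQUESTS = [
    "GET /images/logo.png",
    "GET /docs/../docs/guide.html",
    "GET /../../etc/passwd",
    "GET /static/..%2f..%2fetc%2fpasswd",
    "GET /static/%252e%252e/%252e%252e/etc/passwd",
]

def decode_fully(path, rounds=3):
    """URL-decode until the string stops changing, so double-encoded
    traversal sequences are normalized before any check is made."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def resolve_inside(webroot, uri_path):
    """Hardened resolution: return the absolute file path if it stays inside
    webroot, otherwise None (the request must be rejected). realpath also
    collapses symlinks, so the prefix check is done on canonical paths."""
    base = os.path.realpath(webroot)
    relative = decode_fully(uri_path).replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(base, relative))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None

# A ".." path segment, matched only on the fully decoded, slash-normalized path.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")

def flag_traversal(requests, webroot="/var/www"):
    """Detection view: return the request lines whose decoded path contains
    a '..' segment that would actually escape the web root."""
    hits = []
    for line in requests:
        _, _, path = line.partition(" ")
        decoded = decode_fully(path).replace("\\", "/")
        if TRAVERSAL.search(decoded) and resolve_inside(webroot, path) is None:
            hits.append(line)
    return hits
```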
The top 3 in mobile malware
Last month, Anubis ranked first for most prevalent mobile malware, followed by SpinOk and AhMyth.
1. ↑ Anubis - Anubis is a banking Trojan developed for Android mobile phones. Since its initial detection, it has gained additional features including Remote Access Trojan (RAT) functionality, keylogging, audio recording capabilities, and various ransomware functions. It has been spotted in hundreds of different applications on the Google Store.
2. ↓ SpinOk – SpinOk is an Android software module that functions as spyware. It collects information about the files stored on the device and is able to forward them to malicious threat actors. The malicious module was found in more than 100 Android apps and had been downloaded more than 421,000,000 times as of May 2023.
3. ↔ AhMyth – AhMyth is a Remote Access Trojan (RAT) that was discovered in 2017. It is distributed via Android apps found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which are typically used to steal sensitive information.
Top 3 of the attacked sectors and areas in Germany
1. ↑ Utilities
2. ↑ Transportation
3. ↑ Software Vendor
Check Point's Global Threat Impact Index and ThreatCloud Map are powered by Check Point's ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the research and development department of Check Point Software Technologies. The full list of July's top XNUMX malware families can be found on the Check Point Blog.
More at CheckPoint.com
About Check Point
Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.