Malware: These are the current leaders


In the Global Threat Index for August 2023, Formbook was the most widespread malware in Germany, followed by CloudEyE and Qbot.

Across the Atlantic, the FBI announced a significant victory in its global operation against Qbot (also known as Qakbot) in August. In “Operation Duck Hunt,” the FBI took control of the botnet, removed the malware from infected devices, and identified a significant number of affected devices.

Qbot is declining significantly

Qbot evolved into a malware delivery service used for various cybercriminal activities, including ransomware attacks. It typically spreads through phishing campaigns and collaborates with other threat actors. Although Qbot remained the most widespread malware globally in August, Check Point observed a significant decline in its impact following the operation. The servers for the malware were also paralyzed in Germany, as the BKA announced.

Maya Horowitz, VP Research at Check Point Software, on the strike against Qbot: “The takedown of QBot was a significant breakthrough in the fight against cybercrime. However, we must not become complacent because when one falls, another will rise and take his place. We should all remain vigilant, work together and continue to practice good security hygiene across all attack vectors.”

Top malware in Germany

Formbook was the most widespread malware last month with a slightly decreasing impact of 11.88 percent on German organizations, followed by CloudEyE with a national impact of 11.72 percent and Qbot with 4.82 percent.

Formbook – Formbook is an info-stealer targeting the Windows operating system and was first discovered in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums due to its strong evasion techniques and relatively low price. Formbook harvests login credentials from various web browsers, captures screenshots, monitors and logs keystrokes, and can download and run files when instructed by its C&C server.

CloudEyE – CloudEyE, formerly called “GuLoader,” is a downloader that targets the Windows platform and is used to download and install malicious programs on victims’ computers.

Qbot – Qbot, also known as Qakbot, is a multipurpose malware that first appeared in 2008. It is designed to steal a user's login credentials, record keystrokes, steal cookies from browsers, spy on banking activity and install additional malware. Commonly distributed via spam emails, Qbot uses multiple anti-VM, anti-debugging, and anti-sandbox techniques to complicate analysis and evade detection. As of 2022, it is one of the most widespread Trojans.

Top 3 vulnerabilities

Last month, “HTTP Headers Remote Code Execution” was the most exploited vulnerability, affecting 40 percent of organizations worldwide, followed by “Command Injection Over HTTP,” affecting 38 percent of organizations worldwide. “MVPower CCTV DVR Remote Code Execution” was the third most exploited vulnerability with a global impact of 35 percent.

HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers allow the client and server to convey additional information with an HTTP request. A remote attacker can use a vulnerable HTTP header to run arbitrary code on the victim's computer.

Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A command injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. If exploited successfully, an attacker could execute arbitrary code on the target computer.

MVPower CCTV DVR Remote Code Execution (CVE-2016-20016) – A remote code execution vulnerability in MVPower CCTV DVR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Top 3 Mobile Malware

Last month, Anubis remained at the top of the most common mobile malware, followed by AhMyth and SpinOk, which swapped places.

Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since its initial discovery, it has gained additional features including Remote Access Trojan (RAT), keylogger, audio recording capabilities, and various ransomware capabilities. It has been discovered in hundreds of different applications on the Google Store.

AhMyth – AhMyth is a remote access Trojan (RAT) discovered in 2017. It is distributed through Android apps that can be found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which are typically used to steal sensitive information.

SpinOk – SpinOk is an Android software module that works as spyware. It collects information about the files stored on the device and is able to forward them to malicious threat actors. The malicious module was found in more than 100 Android apps and had been downloaded more than 421,000,000 times as of May 2023.

Top 3 attacked sectors in Germany

SI/VAR/Distributors

Health services

ISP/MSP

Check Point's Global Threat Impact Index and ThreatCloudMap are based on Check Point's ThreatCloudIntelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the research and development division of Check Point Software Technologies.

More at CheckPoint.com

About Check Point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. Its solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.
