Top List for Malware, Vulnerabilities, Attacks


Check Point Software has released its latest Global Threat Index for December 2022. In terms of malware, QBot has now overtaken Emotet, the Web Server Exposed Git Repository Information Disclosure is the most widely exploited vulnerability, and attackers continue to target the education and research sectors most.

Qbot, a sophisticated Trojan that steals bank details and keystrokes, overtook Emotet on its return last month to become the most prevalent malware, affecting 13.49 percent of businesses in Germany. Emotet drops to second at 5.12 percent, followed by Formbook at 1.96 percent. In the field of mobile threats, the Android malware Hiddad is making a comeback, while education remains the most affected industry in Germany and worldwide.

Global Threat Index: full of dangers

Maya Horowitz, VP Research at Check Point Software, on the latest Global Threat Index: “The overwhelming theme of our recent research is that malware often disguises itself as legitimate software to allow hackers to sneak into devices without raising suspicion. That's why it's important to exercise due care when downloading software and applications or clicking on links, no matter how genuine they look.”

Top 3 malware for Germany

The arrows at the beginning refer to the change in the ranking, i.e. ascent or descent, compared to the previous month.

Qbot – Qbot, also known as Qakbot, is a banking Trojan that first appeared in 2008. It is designed to steal a user's banking information and keystrokes. Commonly distributed via spam emails, Qbot uses multiple anti-VM, anti-debugging, and anti-sandbox techniques to complicate analysis and evade detection.

Emotet – Emotet is an advanced, self-propagating and modular trojan horse that was once used as a banking trojan and currently proliferates other malware or malicious campaigns. Emotet uses multiple persistence methods and evasion techniques to avoid detection and can be distributed via phishing spam emails with malicious attachments or links.

Formbook – Formbook is an info-stealer targeting the Windows operating system and was first discovered in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums due to its strong evasion techniques and relatively low price. Formbook collects login credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and run files on instruction from its C&C.

Top 3 vulnerabilities

In December, Web Server Exposed Git Repository Information Disclosure was the top exploited vulnerability, affecting 46 percent of organizations worldwide, closely followed by Web Server's Malicious URL Directory Traversal with a 44 percent share. Command injection over HTTP is the third most commonly used vulnerability, with a global impact of 43 percent.

Web Servers Exposed Git Repository Information Disclosure – An information disclosure vulnerability was reported in Git Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.

Web Server Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – A directory traversal vulnerability exists on different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated attackers to expose or access arbitrary files on the vulnerable server.
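The input validation failure described above, as an added example (not code from Check Point or from any affected product): a naive path join next to a resolver that decodes, canonicalizes and checks containment before a file is served. `DOC_ROOT` and all function names are assumptions made for this illustration.

```python
import os
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root, chosen for this example


def naive_resolve(root, uri_path):
    """Vulnerable pattern: join the decoded URI path onto the root, no check."""
    return posixpath.normpath(posixpath.join(root, unquote(uri_path).lstrip("/")))


def fully_decode(uri_path, max_rounds=5):
    """Percent-decode until stable so double-encoded '..' (%252e%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(uri_path)
        if decoded == uri_path:
            return decoded
        uri_path = decoded
    raise ValueError("too many encoding layers")


def safe_resolve(root, uri_path):
    """Return the canonical path if it stays under root, otherwise None.

    Conservative by design: names that legitimately contain '%' sequences
    are decoded all the way down before the containment check.
    """
    try:
        decoded = fully_decode(uri_path)
    except ValueError:
        return None
    if "\x00" in decoded:                      # NUL byte truncation attempts
        return None
    decoded = decoded.replace("\\", "/")       # treat backslash as a separator
    root_real = os.path.realpath(root)
    # realpath collapses '..' and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # commonpath compares whole components, so /srv/www-evil does not pass
    # as a child of /srv/www the way a string prefix test would allow.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate
```

A request handler would return 400 or 404 whenever `safe_resolve` yields `None` and log the raw URI for detection purposes.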

Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A Command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. If successfully exploited, attackers could execute arbitrary code on the target computer.

Top 3 Mobile Malware

Over the past month, Anubis continued to be the most prevalent mobile malware, followed by Hiddad and AlienBot.

Anubis – Anubis is a banking Trojan developed for Android phones. Since its initial detection, it has gained additional features including remote access trojan (RAT), keylogger and audio recording capabilities, and various ransomware functions. It has been spotted in hundreds of different applications on the Google Store.

Hiddad – Hiddad is an Android malware that repackages legitimate apps and then publishes them to a third-party store. Its main function is to display advertisements, but it can also gain access to important operating system security details.

AlienBot – AlienBot is an Android banking Trojan sold underground as Malware-as-a-Service (MaaS). It supports keylogging, dynamic overlays for credential theft, and SMS harvesting to bypass 2FA. Additional remote control capabilities are provided via a TeamViewer module.

Top 3 of the attacked sectors and areas in Germany:

– Education/Research
– Retail/Wholesale
– Healthcare

Check Point's Global Threat Impact Index and ThreatCloud Map are powered by Check Point's ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the research and development department of Check Point Software Technologies.

More at CheckPoint.com

 


About Check Point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.


 
