In December 2023, Nanocore topped the malware rankings in Germany, Qbot was back, and the most frequently attacked sector was education and research, ahead of healthcare.
Check Point® Software Technologies has released its December 2023 Global Threat Index. This month, the Qbot malware was used by attackers in a phishing campaign targeting businesses in the hospitality industry. The attackers impersonated the US Internal Revenue Service (IRS) and sent fraudulent emails with PDF attachments; the PDFs contained embedded URLs that led to a Microsoft Installer (MSI) package. Once run, the installer launched a covert version of Qbot that relied on an embedded dynamic link library (DLL).
Unfortunately, Qbot returns
Before Qbot's infrastructure was taken down in August 2023, it dominated the threat index, ranking among the three most prevalent malware families for ten months in a row. Qbot has not yet re-entered the top list, but after this quiet resurgence the coming months will show whether it can regain the level of notoriety it previously enjoyed.
In Germany, the remote access Trojan Nanocore was again the most widespread malware in the last month of the year, followed by Formbook, which was displaced from the top spot. The remote access Trojan Remcos is back in third place.
Top malware in December 2023 in Germany
*The arrows refer to the change in ranking compared to the previous month.
- ↑Nanocore – Nanocore is a remote access Trojan (RAT) targeting Windows users and was first observed in 2013. All versions of the RAT include basic plugins and features such as screen recording, cryptocurrency mining, remote desktop control, and webcam session theft.
- ↓Formbook – Formbook is an infostealer that targets Windows and was first discovered in 2016. It is marketed on underground hacking forums as Malware-as-a-Service (MaaS) because of its strong evasion techniques and relatively low price. Formbook harvests credentials from various web browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files on instruction from its C&C server.
- ↑Remcos – Remcos is a RAT that first appeared in the wild in 2016. Remcos spreads via malicious Microsoft Office documents attached to spam emails and is designed to bypass Windows User Account Control (UAC) and execute malware with high privileges.
Top 3 vulnerabilities in December 2023
Last month, Apache Log4j Remote Code Execution (CVE-2021-44228) and Web Servers Malicious URL Directory Traversal were the most exploited vulnerabilities, each affecting 46 percent of organizations worldwide, followed by Zyxel ZyWALL Command Injection (CVE-2023-28771) with a global share of 43 percent.
- ↑ Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
- ↔ Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – A directory traversal vulnerability exists in various web servers. The vulnerability is due to an input validation error: the web server does not properly sanitize the request URI for directory traversal patterns (such as `../` and its encoded forms). Successful exploitation allows unauthenticated attackers to disclose or access arbitrary files on the vulnerable server.
- ↔ Zyxel ZyWALL Command Injection (CVE-2023-28771) – A command injection vulnerability exists in Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary operating system commands on the affected system.
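The directory traversal entry above describes the bug in general terms: a server joins the request URI onto its document root without sanitizing `..` segments. The following is an added example, not code from Check Point or from any of the listed CVEs, that shows a resolver with exactly that input validation error next to a hardened one, plus a signature-style check of the kind an IPS applies to a URI. The document root `DOC_ROOT` and the request URIs are constructed for illustration; nothing touches the real filesystem.

```python
"""Directory traversal in a web server: a vulnerable path resolver,
a hardened one, and a signature-style detector.

Added example; DOC_ROOT and every URI in SAMPLE_URIS are constructed
and do not correspond to any real server or CVE.
"""
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www/html"  # assumed document root for the example


def _decode_fully(path, max_rounds=3):
    """Percent-decode until the string stops changing, so %2e%2e%2f
    and the double-encoded %252e%252e%252f both become '../'.
    Returns None if no fixed point is reached within max_rounds
    passes; a legitimate URI is encoded at most once."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return None


def resolve_vulnerable(uri):
    """The input validation error described above: the decoded URI is
    concatenated onto the document root with no normalisation and no
    check for '..' segments. The OS then resolves '..' for the attacker."""
    path = unquote(uri.split("?", 1)[0])
    return DOC_ROOT + "/" + path.lstrip("/")


def resolve_hardened(uri, root=DOC_ROOT):
    """Decode to a fixed point, reject NUL bytes, treat backslashes as
    separators, collapse dot segments, then confine the result to root.
    Returns the absolute path to serve, or None if the request escapes."""
    path = _decode_fully(uri.split("?", 1)[0])
    if path is None or "\x00" in path:
        return None
    path = path.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Component-wise containment: commonpath(["/var/www/html",
    # "/var/www/htmlx/x"]) is "/var/www", so a string-prefix trick fails.
    # On a live server run os.path.realpath() on the candidate first so
    # a symlink inside root cannot point outside it.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def is_traversal_attempt(uri):
    """Signature-style check as an IPS would apply it: flag any request
    whose fully decoded path contains a '..' segment under either
    separator, regardless of whether it would actually escape root."""
    path = _decode_fully(uri.split("?", 1)[0])
    if path is None:
        return True  # still changing after repeated decoding: adversarial
    return ".." in path.replace("\\", "/").split("/")


# Constructed request paths, as a web-server access log might show them.
SAMPLE_URIS = [
    "/images/logo.png",
    "/docs/../index.html",
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/%252e%252e/etc/passwd",
    "/..\\..\\..\\windows\\win.ini",
    "/index.html?p=../../../etc/passwd",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri:40} vulnerable -> {resolve_vulnerable(uri)}")
        print(f"{'':40} hardened   -> {resolve_hardened(uri)}"
              f"  flagged={is_traversal_attempt(uri)}")
```

Note the deliberate difference between the two checks: `/docs/../index.html` stays inside the document root, so the hardened resolver serves it, while the signature check still flags it, which is the trade-off between a containment check in the server and a pattern match on the wire.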
Top 3 Mobile Malware in December 2023
Last month, Anubis remained the top mobile malware, followed by AhMyth and the re-entering Android malware Hiddad.
- ↔ Anubis – Anubis is a banking Trojan designed for Android phones. Since its initial discovery it has gained additional features, including remote access Trojan (RAT) functionality, a keylogger, audio recording capabilities and various ransomware features. It has been found in hundreds of different applications on the Google Play store.
- ↔ AhMyth – AhMyth is a remote access Trojan (RAT) discovered in 2017. It is distributed through Android apps found in app stores and on various websites. Once a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages and activating the camera, all of which are typically used to steal sensitive information.
- ↑ Hiddad – Hiddad is an Android malware that repackages legitimate apps and publishes them to a third-party store. Its main function is to display advertisements, but it can also gain access to sensitive operating-system security details.
Top 3 of the attacked sectors and areas in Germany
- ↑Education/Research
- ↔Healthcare
- ↓ISP/MSP
Check Point's Global Threat Impact Index and ThreatCloudMap are powered by Check Point's ThreatCloud Intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints and mobile phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the research and development division of Check Point Software Technologies.
Go directly to the report on CheckPoint.com
About Check Point
Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. Its solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-layered security architecture that protects company information in cloud environments, on networks and on mobile devices, together with a comprehensive and intuitive "one point of control" security management system. Check Point protects over 100,000 businesses of all sizes.