January 2020’s Most Wanted Malware: Coronavirus-themed Spam Spreads Emotet Malware
February 13 2020 - 6:00AM
Check Point Research, the Threat Intelligence arm of Check Point®
Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of
cyber security solutions globally, has published its latest Global
Threat Index for January 2020. The research team reported that
Emotet was the leading malware threat for the fourth month running,
and was being spread during the month using a Coronavirus-themed
spam campaign.
The emails appear to report where Coronavirus is spreading, or
offer more information about the virus, encouraging the victim to
open the attachments or click the links which, if opened, attempt
to download Emotet onto their computer.
Emotet is primarily used as a distributor of ransomware or other
malicious campaigns.
January also saw an increase in attempts to exploit the ‘MVPower
DVR Remote Code Execution’ vulnerability, impacting 45% of
organizations globally. This rose from being the third most
exploited vulnerability in December to the top position this month.
A remote attacker who successfully exploits this weakness can
execute arbitrary code on the targeted machine.
“As with last month, the ‘most wanted’ malicious threats
impacting organizations continue to be versatile malware such as
Emotet, XMRig and Trickbot, which collectively hit over 30% of
organizations worldwide,” said Maya Horowitz, Director, Threat
Intelligence & Research, Products at Check Point. “Businesses
need to ensure their employees are educated about how to identify
the types of topical spam emails that are typically used to
propagate these threats, and deploy security that actively prevents
these threats from infecting their networks and leading to
ransomware attacks or data exfiltration.”
January 2020’s Top 3 ‘Most Wanted’ Malware:
*The arrows relate to the change in rank compared to the previous
month.
Emotet holds 1st place, impacting 13% of organizations globally,
followed by XMRig and Trickbot impacting 10% and 7% of
organizations worldwide respectively.
- ↔ Emotet – Emotet is an advanced, self-propagating and modular
Trojan. Emotet used to be primarily a banking Trojan, but recently
has been used as a distributor of other malware or malicious
campaigns. It uses multiple methods for maintaining persistence,
and evasion techniques to avoid detection. In addition, it can be
spread through phishing spam emails containing malicious
attachments or links.
- ↔ XMRig – XMRig is open-source CPU mining software used to mine
the Monero cryptocurrency, first seen in the wild in May 2017.
- ↔ Trickbot – Trickbot is a dominant banking Trojan that is
constantly updated with new capabilities, features and distribution
vectors. This makes Trickbot a flexible and customizable malware
that can be distributed as part of multi-purpose campaigns.
January’s Top 3 ‘Most Wanted’ Mobile Malware:
xHelper retains its 1st place as the most prevalent mobile
malware, followed by Guerrilla and AndroidBauts.
- ↔ xHelper - A malicious application seen in the wild since
March 2019, used for downloading other malicious apps and
displaying advertisements. The application is capable of hiding
itself from the user, and of reinstalling itself if it is
uninstalled.
- ↔ Guerrilla - An Android Trojan found embedded in multiple
legitimate apps, capable of downloading additional malicious
payloads. Guerrilla generates fraudulent ad revenue for the app
developers.
- ↑ AndroidBauts - Adware targeting Android
users that exfiltrates IMEI, IMSI, GPS Location and other device
information and allows the installation of third-party apps and
shortcuts on mobile devices.
January’s ‘Most Exploited’ vulnerabilities:
“MVPower DVR Remote Code Execution” was the most commonly exploited
vulnerability, impacting 45% of organizations globally, followed by
“Web Server Exposed Git Repository Information Disclosure” with an
impact of 44% and the “PHP DIESCAN information disclosure”
vulnerability impacting 42%.
- ↑ MVPower DVR Remote Code Execution - A remote
code execution vulnerability in MVPower DVR devices. A remote
attacker can exploit this weakness to execute arbitrary code in the
affected router via a crafted request.
- ↑ Web Server Exposed Git Repository Information
Disclosure - An information disclosure vulnerability
reported in Git Repository. Successful exploitation of this
vulnerability could allow an unintentional disclosure of account
information.
- ↑ PHP DIESCAN information disclosure - An
information disclosure vulnerability reported in the PHP pages.
Successful exploitation could lead to the disclosure of sensitive
information from the server.
Check Point’s Global Threat Impact Index and its ThreatCloud Map
are powered by Check Point’s ThreatCloud intelligence, the largest
collaborative network to fight cybercrime, which delivers threat
data and attack trends from a global network of threat sensors. The
ThreatCloud database holds over 250 million addresses analyzed for
bot discovery, more than 11 million malware signatures and over 5.5
million infected websites, and identifies millions of malware types
daily.
The complete list of the top 10 malware families in December can
be found on the Check Point Blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research
provides leading cyber threat intelligence to Check Point Software
customers and the greater intelligence community. The research team
collects and analyzes global cyber-attack data stored on
ThreatCloud to keep hackers at bay, while ensuring all Check Point
products are updated with the latest protections. The research team
consists of over 100 analysts and researchers cooperating with
other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
(www.checkpoint.com) is a leading provider of cyber security
solutions to governments and corporate enterprises globally. Check
Point’s solutions protect customers from 5th generation
cyber-attacks with an industry-leading catch rate of malware,
ransomware and advanced targeted threats. Check Point offers a
multilevel security architecture, “Infinity Total Protection with
Gen V advanced threat prevention”; this combined product
architecture defends an enterprise’s cloud, network and mobile
devices. Check Point provides the most comprehensive and intuitive
one-point-of-control security management system. Check Point
protects over 100,000 organizations of all sizes.
MEDIA CONTACT:
Emilie Beneitez Lefebvre
Check Point Software Technologies
press@checkpoint.com
INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
ir@us.checkpoint.com