March 2020’s Most Wanted Malware: Dridex Banking Trojan Ranks On Top Malware List For First Time
April 09 2020 - 6:00AM
Check Point Research, the Threat Intelligence arm of Check Point®
Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of
cyber security solutions globally, has published its latest Global
Threat Index for March 2020. The well-known banking trojan
Dridex, which first appeared in 2011, has entered the top ten
malware list for the first time, as the third most prevalent
malware in March. Dridex has been updated and is now being used in
the early attack stages for downloading targeted ransomware, such
as BitPaymer and DoppelPaymer.
The sharp increase in the use of Dridex was driven by several
spam campaigns containing a malicious Excel file which downloads
Dridex malware into the victim’s computer. This upsurge in Dridex
malware highlights just how quickly cyber-criminals change the
themes of their attacks to try and maximize infection rates. Dridex
is a sophisticated strain of banking malware that targets the
Windows platform, delivering spam campaigns to infect computers and
steal banking credentials and other personal information to
facilitate fraudulent money transfer. The malware has been
systematically updated and developed over the past decade.
XMRig remains in 1st place in the Index of top malware families,
impacting 5% of organizations globally, followed by Jsecoin and
Dridex which impacted 4% and 3% of organizations worldwide
respectively.
“Dridex appearing for the first time as one of the top malware
families shows how quickly cybercriminals can change their
methods,” said Maya Horowitz, Director, Threat Intelligence &
Research, Products at Check Point. “This kind of malware can be
very lucrative for criminals given its sophistication, and is now
being used as a ransomware downloader, which makes it even more
dangerous than previous variants. So, individuals need to be wary
of emails with attachments, even if they appear to originate from a
trusted source - especially with the explosion in home working over
the past few weeks. Organizations need to be educating employees on
how to identify malicious spam, and deploy security measures that
help protect their teams and networks against such threats.”
The research team also warns that “MVPower DVR Remote Code
Execution” remained the most common exploited vulnerability,
impacting 30% of organizations globally, closely followed by “PHP
php-cgi Query String Parameter Code Execution” with a global impact
of 29%, followed by “OpenSSL TLS DTLS Heartbeat Information
Disclosure” impacting 27% of organizations worldwide.
Top malware families*The arrows relate to the
change in rank compared to the previous month.
This month XMRig remains in 1st place,
impacting 5% of organizations globally, followed by
Jsecoin and Dridex impacting 4%
and 3% of organizations worldwide respectively.
- ↔ XMRig - XMRig is an open-source CPU mining
software used for the mining process of the Monero cryptocurrency,
first seen in the wild on May 2017.
- ↑ Jsecoin - Jsecoin is a web-based
cryptominer, designed to perform online mining of Monero
cryptocurrency when a user visits a particular web page. The
implanted JavaScript uses a large amount of the end user’s
computational resources to mine coins, thus impacting the system
performance.
- ↑ Dridex - Dridex is a Banking Trojan that
targets the Windows platform, and is delivered by spam campaigns
and exploit kits, which rely on WebInjects to intercept and
redirect banking credentials to an attacker-controlled server.
Dridex contacts a remote server, sends information about the
infected system and can also download and execute additional
modules for remote control.
Top exploited vulnerabilitiesThis month the
“MVPower DVR Remote Code Execution” remains the
most common exploited vulnerability, impacting 30% of organizations
globally, closely followed by “PHP php-cgi Query String
Parameter Code Execution” with a global impact of 29%. In
3rd place “OpenSSL TLS DTLS Heartbeat Information
Disclosure” is impacting 27% of organizations
worldwide.
- ↔ MVPower DVR Remote Code Execution – A remote
code execution vulnerability that exists in MVPower DVR devices. A
remote attacker can exploit this weakness to execute arbitrary code
in the affected router via a crafted request.
- ↑ PHP php-cgi Query String Parameter Code
Execution – A remote code execution vulnerability that has
been reported in PHP. The vulnerability is due to the improper
parsing and filtering of query strings by PHP. A remote attacker
may exploit this issue by sending crafted HTTP requests. Successful
exploitation allows an attacker to execute arbitrary code on the
target.
- ↓ OpenSSL TLS DTLS Heartbeat Information Disclosure
(CVE-2014-0160; CVE-2014-0346) - An information disclosure
vulnerability which exists in OpenSSL. The vulnerability is due to
an error when handling TLS/DTLS heartbeat packets. An attacker can
leverage this vulnerability to disclose memory contents of a
connected client or server.
Top malware families - MobileThis month
xHelper retained the 1st place in the most
prevalent mobile malware, followed by AndroidBauts
and Lotoor.
- xHelper - A malicious application seen in the
wild since March 2019, used for downloading other malicious apps
and display advertisement. The application can hide itself from the
user and reinstall itself in case if uninstalled.
- AndroidBauts - Adware targeting Android users
that exfiltrates IMEI, IMSI, GPS location and other device
information and allows the installation of third-party apps and
shortcuts on mobile devices.
- Lotoor - A hacking tool that exploits
vulnerabilities on Android operating systems to gain root
privileges on compromised mobile devices.
Check Point’s Global Threat Impact Index and its ThreatCloud Map
is powered by Check Point’s ThreatCloud intelligence, the largest
collaborative network to fight cybercrime which delivers threat
data and attack trends from a global network of threat sensors. The
ThreatCloud database inspects over 2.5 billion websites and 500
million files daily, and identifies more than 250 million malware
activities every day.
The complete list of the top 10 malware families in February can
be found on the Check Point Blog.
Follow Check Point Research via:Blog:
https://research.checkpoint.com/ Twitter:
https://twitter.com/_cpresearch_
About Check Point Research Check Point Research
provides leading cyber threat intelligence to Check Point Software
customers and the greater intelligence community. The research team
collects and analyzes global cyber-attack data stored on
ThreatCloud to keep hackers at bay, while ensuring all Check Point
products are updated with the latest protections. The research team
consists of over 100 analysts and researchers cooperating with
other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies
Ltd.Check Point Software Technologies Ltd.
(www.checkpoint.com) is a leading provider of cyber security
solutions to governments and corporate enterprises globally. Check
Point’s solutions protect customers from 5th generation
cyber-attacks with an industry leading catch rate of malware,
ransomware and advanced targeted threats. Check Point offers a
multilevel security architecture, “Infinity Total
Protection with Gen V advanced threat prevention”, this
combined product architecture defends an enterprises’ cloud,
network and mobile devices. Check Point provides the most
comprehensive and intuitive one point of control security
management system. Check Point protects over 100,000 organizations
of all sizes.
MEDIA
CONTACT:Emilie Beneitez LefebvreCheck
Point Software Technologiespress@checkpoint.com |
|
INVESTOR CONTACT:Kip E.
MeintzerCheck Point Software
Technologiesir@us.checkpoint.com |
A photo accompanying this announcement is available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/571490b8-79f4-4103-9f95-c08d4b3cf7ec
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Aug 2024 to Sep 2024
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Sep 2023 to Sep 2024