Check Point Research (CPR), the Threat Intelligence arm of Check Point Software, a leading provider of cyber security solutions globally, has published its latest Global Threat Index for November 2021.
The latest Global Threat Index for November 2021 reveals that while Trickbot remains at the top of the most prevalent malware list, affecting 5% of organizations worldwide, the recently resurgent Emotet is back in the index in seventh position. CPR also reveals that the most attacked industry is Education/Research, followed by Communications and Government/Military.
Despite major efforts from Europol and numerous law enforcement agencies earlier this year to bring down Emotet, the notorious botnet was confirmed to be back in action by November and is already the seventh most utilised malware. This month marks the sixth time Trickbot has topped the index, and it is also involved with the new variant of Emotet, which is being installed on infected machines through Trickbot’s infrastructure.
How Emotet Attacks
Emotet is being spread via phishing emails which contain infected Word, Excel, and Zip files that deploy Emotet on the victim host. The emails contain intriguing subject lines such as current news events, invoices, and fake corporate memos to lure the victims to open them. Most recently, Emotet also started spreading through malicious Windows App Installer packages pretending to be Adobe software.
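As an added defender-side illustration (not Check Point’s code or tooling) of the three delivery vectors described above, the following Python mail-triage routine flags messages that carry Office or zipped-Office attachments, lure-themed subjects, or App Installer links. The sample message, lure keywords, file names and the example.invalid domain are all constructed for this example.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Carrier attachment types the report names (Word, Excel, Zip) and constructed
# lure themes drawn from the subject lines it describes (invoices, memos, news).
OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm")
LURE_WORDS = ("invoice", "memo", "news")
# App Installer vector: ms-appinstaller: URIs or direct links to .appinstaller files.
APPINSTALLER_RE = re.compile(r"ms-appinstaller:\S+|https?://\S+\.appinstaller", re.I)

def _office_in_zip(blob):
    # Names of Office documents nested inside a zip attachment (empty if not a zip).
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(OFFICE_EXT)]
    except zipfile.BadZipFile:
        return []

def triage_message(raw):
    """Return the reasons a raw RFC 5322 message matches the described lure pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = (msg["subject"] or "").lower()
    if any(word in subject for word in LURE_WORDS):
        reasons.append("lure subject: " + subject)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            reasons.append("office attachment: " + name)
        elif name.endswith(".zip"):
            for inner in _office_in_zip(part.get_payload(decode=True) or b""):
                reasons.append(f"office file in zip: {name}/{inner}")
    body = msg.get_body(preferencelist=("plain", "html"))
    for link in APPINSTALLER_RE.findall(body.get_content() if body else ""):
        reasons.append("app installer link: " + link)
    return reasons

def build_sample():
    """Constructed test message (not a real capture) combining all three vectors."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("Invoice_2021_11.docm", b"placeholder bytes, not a real document")
    lure = EmailMessage()
    lure["Subject"] = "Overdue invoice - action required"
    lure.set_content("See attached invoice.\nAdobe update:\nms-appinstaller:?source=https://example.invalid/adobe.appinstaller\n")
    lure.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="Invoice.zip")
    return lure.as_bytes()
```

Running `triage_message(build_sample())` returns three reasons, one per vector; a plain message with no lure features returns an empty list.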
“Emotet is one of the most successful botnets in the history of cyber and is responsible for the explosion of targeted ransomware attacks that we have witnessed in recent years. The botnet’s comeback in November is extremely concerning as it may lead to a further increase in such attacks,” said Maya Horowitz, VP Research at Check Point Software.
Maya further added: “The fact that it is using Trickbot’s infrastructure means it is shortening the time it would take for Emotet to build a significant enough foothold in networks around the world. As it is being spread via phishing emails with malicious attachments, it’s crucial that user awareness and education are at the top of organisations’ priority lists when it comes to cybersecurity. And anyone looking to download Adobe software should remember, as with any application, to only go via official means.”
Other Malware Apart from Emotet
When it comes to top mobile malware, AlienBot takes first place, followed by xHelper and FluBot.
1. AlienBot – The AlienBot malware family is a Malware-as-a-Service (MaaS) offering for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker then obtains access to victims’ accounts and eventually takes complete control of the device.
2. xHelper – A malicious application seen in the wild since March 2019, used to download other malicious apps and display advertisements. The application is capable of hiding itself from the user and can even reinstall itself after it has been uninstalled.
3. FluBot – FluBot is an Android botnet distributed via phishing SMS messages, most often impersonating logistics delivery brands. Once the user clicks the link inside the message, FluBot is installed and gets access to all sensitive information on the phone.
Some Preventative Measures to Take
Security Tips to Keep Your Organization Safe
- An Intrusion Prevention System (IPS) blocks attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race against the latest breaking threat. Keeping the IPS updated helps your organization stay protected.
- Patching is essential, though on its own an incomplete security measure that can leave your network open to attack. A more comprehensive approach, combining robust IPS functionality with a concerted patching strategy, better equips network administrators to handle ‘Patch Tuesdays’ and to secure the network between upgrades and patches.
- Endpoint protections: Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organization, as it protects against the majority of the malware attacks that an organization faces. In addition, comprehensive endpoint protection at the highest security level is crucial in order to avoid security breaches and data compromises.