Trickbot, a botnet and banking Trojan that can steal financial details, account credentials, and personally identifiable information, was the top cyber threat in May 2021, Check Point Software Technologies researchers said in the security provider’s latest Global Threat Index.
The malware, which can spread through a network and drop ransomware, including the notorious Ryuk, became more prevalent after international law enforcement took down the global Emotet botnet in January 2021, Check Point said.
TrickBot and Ryuk Ransomware Attacks
Not only is TrickBot the primary delivery pipeline for the notorious ransomware variant Ryuk and a prime mover in the ransomware-as-a-service model, it is also a menace to government agencies, schools, healthcare and businesses. In October 2020, a federal court gave Microsoft and a group of security providers clearance to disable the IP addresses, make inaccessible the content stored on the command and control servers, suspend all services to the botnet operators and block any effort by the Trickbot operators to purchase or lease additional servers.
In March 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) urged organizations to guard against TrickBot malware spear-phishing campaigns. CISA previously issued a TrickBot warning last year.
“It’s reassuring to see that charges have been filed in the fight against Trickbot, this month’s most prevalent malware, but clearly there is still a long way to go,” said Maya Horowitz, Check Point threat intelligence & research director.
Dridex, one of the most active financial malware families in play, has fallen completely off Check Point’s monthly review. So far no one knows why, although there’s some indication, Check Point’s researchers said, that the Evil Corp crew has rebranded the malware and taken measures to skirt law enforcement authorities.
Research: Cyberattacks Trend Upward
Overall, while ransomware has commanded the headlines, there’s been a “huge surge” in the number of cyber attacks, Check Point’s researchers said, calling it a “significant and troubling trend.”
By the numbers:
- The number of cyber attacks in the Americas has spiked 70 percent year-over-year, and has risen 97 percent in EMEA and 168 percent in APAC.
- “Web Server Exposed Git Repository Information Disclosure” is still the most commonly exploited vulnerability, affecting 48 percent of organizations globally.
- “HTTP Headers Remote Code Execution” impacts 47.5 percent of organizations worldwide.
- “MVPower DVR Remote Code Execution” has a global impact of 46 percent.
Here are some additional data from the May 2021 Index:
Top malware families: In May 2021, Trickbot was the most popular malware with a global impact of eight percent of organizations, followed by XMRig and Formbook, each impacting three percent of organizations worldwide. XMRig is open-source CPU mining software and Formbook is an infostealer.
Top mobile malware: In May 2021, xHelper ranked first among the most prevalent mobile malware, followed by Triada and Hiddad. xHelper is a malicious application used for downloading other malicious apps. Triada is a modular backdoor for Android that grants superuser privileges to downloaded malware. Hiddad is an Android malware that repackages legitimate apps and then releases them to a third-party store.
“Organizations need to be aware of the risks and ensure adequate solutions are in place, but also remember that attacks cannot only be detected, they can also be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.”