What is the “nastiest” malware of 2022? Enterprise software provider OpenText ranks the year’s biggest cyber threats in its annual report.
Emotet regained its place at the top, a reminder that while affiliates and infrastructure can be taken down, the operators behind a botnet are resilient, OpenText stated in its report. LockBit, meanwhile, extended its extortion model into what the report describes as a new tactic: triple extortion.
Phishing Rises By Nearly 1100%
OpenText reports an almost 1100% increase in phishing during the first four months of 2022 compared with the same period in 2021, suggesting the end of the "hacker holiday," the lull in attack activity that usually follows the busy holiday season.
While this year's list sorts payloads into different malware categories, OpenText notes that many of these groups subcontract work to one another, which lets each group specialise in its own payload and refine it.
Muhi Majzoub, OpenText executive vice president and chief product officer, added context to the malware environment:
"The key takeaway from this year's findings is that malware remains center stage in the threats posed towards individuals, businesses, and governments. Cybercriminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business, regardless of size, is immune to these threats."
2022's Nastiest Malware
OpenText lists the top five nastiest malware — and what to watch out for:
- Emotet remains the most successful botnet in existence, having returned after a brief takedown last year. Its job is to send billions of malspam emails a day. It establishes a foothold on a victim's computer and drops follow-on malware that moves laterally and compromises the rest of the environment before the final ransomware payload is delivered.
- LockBit is this year's most prolific and successful ransomware group. Although the group has operated as ransomware-as-a-service (RaaS) for about three years, it continues to advance its tactics. On top of stealing data, holding it for ransom and threatening to leak it, triple extortion adds a third layer of pressure: a distributed denial-of-service (DDoS) attack against the victim's systems to knock them offline.
- Conti, a long-running RaaS operation, has been on the nastiest malware radar for quite some time. In February 2022, Conti posted a statement of support for the Russian government on its leak site. The operation has since broken up, and according to the report its members have moved into multiple other operations, most notably HelloKitty, BlackCat and BlackByte.
- Qbot (or Qakbot), possibly the oldest info-stealing trojan still in active development, continues to receive updates today. It moves through the network and infects the entire environment while "casing the joint," gaining access to as much data as possible to exfiltrate for extortion and preparing the ground for the final ransomware payload.
- Valyria is another former banking trojan turned malspam botnet that spreads via email attachments. The attachments launch malicious scripts, typically resulting in ransomware. What makes Valyria tricky is the complexity of its components and its ability to evade detection.
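Three of the five entries above (Emotet, Qbot and Valyria) reach victims the same way: a malspam message carrying an attachment that drops a script or a macro document as the first-stage loader. The following Python script, an added example that is not part of the OpenText report or any vendor tool, shows the kind of attachment triage a mail gateway or SOC analyst can run on such messages. It parses raw MIME with the standard library, then flags script and executable attachments, decoy double extensions (invoice.pdf.js), macro-enabled Office files, disk images, and archives whose members are scripts or contain a `vbaProject.bin` macro stream. The extension lists are a practitioner heuristic chosen for this example, not a definitive catalogue, and the three sample messages are constructed inline so the script runs offline.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Heuristic extension sets (assumptions for this example, not a complete list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk",
               ".ps1", ".bat", ".cmd", ".exe", ".scr"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".doc", ".xls", ".xlsb"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}
DISK_IMAGE_EXTS = {".iso", ".img"}
ZIP_CONTAINER_EXTS = {".zip", ".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
MAX_ARCHIVE_DEPTH = 2  # bound recursion into nested archives


def _suffixes(name):
    """Return every dotted suffix of a filename, lower-cased: 'a.pdf.js' -> ['.pdf', '.js']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def check_attachment(filename, payload, depth=0):
    """Return a list of human-readable findings for one attachment (or archive member)."""
    findings = []
    sfx = _suffixes(filename)
    last = sfx[-1] if sfx else ""

    if last in SCRIPT_EXTS:
        findings.append(f"script/executable attachment {filename}")
        # Decoy document extension immediately before the real one.
        if len(sfx) >= 2 and sfx[-2] in DECOY_EXTS:
            findings.append(f"double extension {filename}")
    if last in MACRO_EXTS:
        findings.append(f"macro-capable Office document {filename}")
    if last in DISK_IMAGE_EXTS:
        findings.append(f"disk-image attachment {filename}")

    # Zip-based containers: plain archives and OOXML Office documents.
    if last in ZIP_CONTAINER_EXTS and depth < MAX_ARCHIVE_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.endswith("vbaProject.bin"):
                        findings.append(f"{filename} contains VBA macro stream {member}")
                    for inner in check_attachment(member, zf.read(member), depth + 1):
                        findings.append(f"in {filename}: {inner}")
        except zipfile.BadZipFile:
            findings.append(f"{filename} has a container extension but is not a valid zip")
    return findings


def triage_message(raw_bytes):
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        findings.extend(check_attachment(name, payload))
    return findings


# ---- constructed sample messages (not real captures) ----

def _zip_bytes(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _build(filename, payload, maintype, subtype):
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # hypothetical sender
    msg["To"] = "finance@example.invalid"      # hypothetical recipient
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


SAMPLES = {
    "clean_pdf": _build("invoice.pdf", b"%PDF-1.4 constructed placeholder", "application", "pdf"),
    "zipped_js": _build("invoice.zip",
                        _zip_bytes({"invoice.pdf.js": b"// constructed loader stub\n"}),
                        "application", "zip"),
    "macro_doc": _build("invoice.docm",
                        _zip_bytes({"[Content_Types].xml": b"<Types/>",
                                    "word/vbaProject.bin": b"\x00"}),
                        "application", "vnd.ms-word.document.macroEnabled.12"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage_message(raw))
```

Running the block prints an empty list for the clean PDF, two findings for the zipped `invoice.pdf.js` (script inside archive, plus the decoy double extension) and two for the `.docm` (macro-capable extension, plus the embedded `vbaProject.bin`). In production the same checks would sit behind a quarantine action rather than a print; the archive recursion is depth-bounded so a nested-zip decoy cannot turn the triage into a decompression loop.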