Top Q3 2020 Malware and Cyber Crimes: Infoblox Research Findings

The most prevalent types of cyber crime in the third quarter of 2020 were phishing/vishing/smishing/pharming (props to the namers), non-payment/non-delivery, extortion, and personal data breach, Infoblox said in its first ever quarterly Cyberthreat Intelligence Report.

Topping the list with the highest reported losses were business email compromise (BEC), confidence/romance fraud and spoofing, the core network services provider said in the report. The Santa Clara, California-based security specialist’s white paper includes data on threat activity publicly released from July 1, 2020 through September 30, 2020 and its detailed analysis of advanced malware campaigns and recent significant attacks.

Infoblox mapped its analyses to the findings of the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), which reported receiving more than 460,000 complaints amounting to losses of more than $3.5 billion, most of it from BEC, ransomware, elder fraud, and tech support fraud.

“We see evidence that these trends will continue to increase over time due to expanding opportunities for exploitation by cyberattackers, such as the recent increase in teleworking,” Infoblox said. “Our researchers continue to see a large emphasis on email campaigns and socially engineered attacks designed to engage victims.” For the majority of threats to be successful, the intended victims must “interact and cooperate” with the malware’s deception tactics, Infoblox said.

Opportunities for attackers to exploit COVID-19 and the shift to teleworking grew during the quarter, according to Infoblox. Here are some contributing factors:

  • The rise in teleworking created vulnerabilities more easily exploited by threat actors attacking commercial and government organizations.
  • Because the pandemic has unfolded quickly and is widespread, organizations have scrambled to alter their existing cybersecurity measures to support a large-scale remote workforce.
  • Remote workers may be easily victimized by malicious links in online forums, social media and compromised websites.
  • Attackers are leveraging the widespread demand for information about the pandemic to lure victims in.

Here’s a sampling of the malware campaigns Infoblox saw in the quarter:

BLM-themed malspam.
A campaign that used the Black Lives Matter (BLM) movement and the Trickbot malware to lure unsuspecting victims into opening a malicious email and attachment.

Valak infostealer.
Valak malware loader delivers the IcedID banking trojan which is designed to steal banking credentials, credit cards and other financial information.

Vidar infostealer.
Vidar can steal credit cards, usernames, passwords and files, take screenshots of a user’s desktop and steal wallets for cryptocurrencies.

Emotet malspam.
Proofpoint’s threat research team observed a malspam campaign delivering the Emotet banking trojan after a five-month hiatus by the threat actor. Emotet steals stored passwords, sensitive banking data and browser histories from victims’ computers.

Qakbot infostealer.
Qakbot, aka Qbot, can steal a victim’s credentials, banking information and files. It has worm capabilities that allow it to spread itself to other systems on the same network.

MassLogger infostealer malspam.
MassLogger is a relatively new infostealer written using .NET, a programming framework developed by Microsoft. It can log keystrokes and clipboard data, take screenshots and steal credentials from popular browsers.

njRAT malspam.
njRAT malware, aka Bladabindi and Njw0rm, is a remote access trojan (RAT) and infostealer that can maintain persistence and operate undetected on victims’ machines while sending sensitive information back to its command and control (C&C) infrastructure.

Metamorfo banking trojan.
Metamorfo is a banking trojan that attempts to steal sensitive financial information and exfiltrate it to a C&C server. It features a wide variety of evasive techniques to bypass security and deliver its payload undetected.

For a full list of malware Infoblox found in the quarter click here.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.