Check Point Software Technologies Ltd. (CHKP), a global cybersecurity solutions provider, has published its Global Threat Index for October 2023. Last month the Remote Access Trojan (RAT) NJRat, known for targeting government agencies and organizations across the Middle East, moved up four places from sixth to second. The researchers also reported a new malspam campaign delivering the advanced RAT AgentTesla, and that education remained the most targeted sector.
Last month, AgentTesla was seen being distributed via archive files containing a malicious Microsoft Compiled HTML Help (.CHM) file. The archives were delivered via email as .GZ or .zip attachments using names associated with recent orders and shipments, such as po-####.gz / shipping documents.gz, designed to lure targets into downloading the malware. Once installed, AgentTesla can capture data from the clipboard, access the file system, and surreptitiously transfer stolen data to a command and control (C&C) server.
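The delivery chain above (an order- or shipping-themed .gz/.zip attachment wrapping a .CHM file) lends itself to a simple mail-gateway check. The following is an added example, not code from the report or from Check Point; the lure-name pattern, the archive samples and the reason strings are constructed for the demonstration.

```python
import gzip
import io
import re
import zipfile

# Constructed lure pattern modelled on the names cited in the report (po-####.gz / shipping documents.gz).
LURE_NAME = re.compile(r"^(po-\d{4,}|shipping[ _-]?documents?)\.(gz|zip)$", re.IGNORECASE)
CHM_MAGIC = b"ITSF"  # every Compiled HTML Help (.chm) file begins with this signature


def archive_members(filename, data):
    """Return (member_name, first_four_bytes) pairs for a .zip or .gz attachment."""
    lower = filename.lower()
    if lower.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(info.filename, zf.open(info).read(4)) for info in zf.infolist()]
    if lower.endswith(".gz"):
        # gzip carries a single member; its name is the outer name minus ".gz"
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            return [(filename[:-3], gz.read(4))]
    return []


def classify_attachment(filename, data):
    """Return the reasons an attachment looks like the campaign (empty list means clean)."""
    reasons = []
    if LURE_NAME.match(filename):
        reasons.append("order/shipping lure filename")
    for name, head in archive_members(filename, data):
        # Check both the extension and the file signature, so a renamed .chm is still caught
        if name.lower().endswith(".chm") or head == CHM_MAGIC:
            reasons.append(f"compiled HTML help payload inside archive: {name}")
    return reasons


def build_samples():
    """Constructed inputs (not real campaign files): one lure archive and one benign archive."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("shipping documents.chm", CHM_MAGIC + b"placeholder")
    benign = gzip.compress(b"%PDF-1.4 benign invoice placeholder")
    return {"po-12345.zip": zbuf.getvalue(), "invoice.gz": benign}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, classify_attachment(name, blob) or "clean")
```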
“We can’t afford to miss the tactics hackers use to distribute malware, such as impersonating well-known brands or sending malicious files via email,” said Maya Horowitz, VP of Research at Check Point Software. “As we enter the busy November shopping season, it’s important to remain vigilant and remember that cybercriminals are actively taking advantage of our increased interest in online shopping and shipping.”
Check Point Research (CPR) also revealed that “Zyxel ZyWALL Command Injection (CVE-2023-28771)” was the most exploited vulnerability, affecting 42% of organizations worldwide, followed by “Command Injection Over HTTP”, also affecting 42% of organizations worldwide. “Web Servers Malicious URL Directory Traversal” was the third most exploited vulnerability, with a global impact of 42%.
Top Malware Families
*The arrows refer to the change in ranking compared to the previous month.
Formbook was the most prevalent malware last month, affecting 3% of organizations worldwide, followed by NJRat with a global impact of 2% and Remcos with a global impact of 2%.
- ↔ Formbook – Formbook is an infostealer targeting the Windows operating system and was first detected in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums for its powerful evasion techniques and relatively low price. Formbook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files as directed by its C&C.
- ↑ NJRat – NJRat is a remote access Trojan, mainly targeting government agencies and organizations in the Middle East. The Trojan first appeared in 2012 and has multiple capabilities: capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop. NJRat infects victims through phishing attacks and drive-by downloads, and spreads through infected USB keys or networked drives, supported by command and control (C&C) server software.
- ↓ Remcos – Remcos is a remote access Trojan (RAT) that first appeared in the wild in 2016. Remcos is distributed through malicious Microsoft Office documents attached to SPAM emails, and is designed to bypass Microsoft Windows UAC security and run malware with elevated privileges.
The Industries With the Most Attacks Worldwide
Last month, Education/Research remained in first place as the most attacked industry worldwide, followed by Communications and Government/Military.
- Education/Research
- Communications
- Government/Military
The Most Exploited Vulnerabilities
Last month, “Zyxel ZyWALL Command Injection (CVE-2023-28771)” was the most exploited vulnerability, affecting 47% of organizations worldwide, followed by “Command Injection Over HTTP” with 42% and “Web Servers Malicious URL Directory Traversal”, also with 42%.
- ↑ Zyxel ZyWALL Command Injection (CVE-2023-28771) – A command injection vulnerability exists in the Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary operating system commands on the affected system.
- ↔ Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086)
- ↓ Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – A directory traversal vulnerability exists in various web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or gain access to arbitrary files on the vulnerable server.
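The directory traversal entry above comes down to one input-validation error: mapping a request URI onto the filesystem without decoding and normalizing it first. The following added example (not code from the report or from any of the listed products) puts the naive mapping beside a hardened one; the document root and the sample request paths are constructed for the demonstration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www/html"  # hypothetical document root for the demonstration


def resolve_vulnerable(uri_path):
    """The flawed pattern: concatenate the raw URI onto the document root.
    Nothing rejects '..' segments or their percent-encoded forms, so the
    operating system later resolves the path outside DOC_ROOT."""
    return DOC_ROOT + uri_path


def resolve_hardened(uri_path):
    """Decode, normalize and confine the path; return None if it leaves DOC_ROOT."""
    # Decode twice so double-encoded sequences such as %252e%252e are also unwrapped
    decoded = unquote(unquote(uri_path))
    if "\x00" in decoded or "\\" in decoded:
        return None  # null bytes and backslashes have no legitimate use in a URI path
    # Join first, then collapse '.' and '..' segments against the real root
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    # Containment check: the resolved path must still be the root or inside it
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        return None
    return candidate


# Constructed request paths: one benign, the rest traversal patterns a server must reject
SAMPLE_REQUESTS = [
    "/index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/static/..%2f..%2f..%2fetc/passwd",
]


def audit(requests=SAMPLE_REQUESTS):
    """Return (uri, where the naive mapping ends up, hardened result) for each request."""
    return [(u, posixpath.normpath(resolve_vulnerable(u)), resolve_hardened(u)) for u in requests]


if __name__ == "__main__":
    for uri, naive, hardened in audit():
        print(f"{uri:40} naive -> {naive:30} hardened -> {hardened}")
```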
Top Mobile Malware
Last month, Anubis remained in the top spot as the most prevalent mobile malware, followed by AhMyth and Hiddad.
- Anubis – Anubis is a banking Trojan designed for Android mobile phones. Since it was first identified, it has gained additional functions, including Remote Access Trojan (RAT) capabilities, a keylogger, audio recording and various ransomware functions. It has been spotted in hundreds of different apps available on the Google Store.
- AhMyth – AhMyth is a remote access Trojan (RAT) discovered in 2017. It is distributed via Android apps found in app stores and on various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages and activating the camera, which is commonly used to steal sensitive information.
- Hiddad – Hiddad is Android malware that repackages legitimate apps and then releases them on a third-party store. Its main function is to serve ads, but it can also access key security details built into the operating system.
Check Point’s Global Threat Impact Index and ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors worldwide, across networks, endpoints and mobile phones. This intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
The full list of October’s top ten malware families is on Check Point’s blog.
The table below lists the malware families that affected Greece, along with their impact in the country and their corresponding global impact.
Country | Malware Family | Impact in the country | Global impact |
Greece | Emotet | 6.41% | 1.48% |
Greece | Remcos | 3.85% | 1.89% |
Greece | AgentTesla | 3.42% | 1.12% |
Greece | Nanocore | 3.42% | 1.71% |
Greece | Disco | 2.14% | 0.49% |
Greece | Pony | 1.71% | 0.25% |
Greece | CloudEyE | 1.71% | 0.57% |
Greece | CyCatz | 1.50% | 0.21% |
Greece | Cryxos | 1.50% | 0.30% |
Greece | Esfury | 1.50% | 0.38% |