Attackers actively exploit the theme of coronavirus in phishing emails

Attackers exploit the theme of coronavirus
Written by Emma Davis

Check Point experts published the Global Threat Index report for January 2020, which lists the month's most active threats, and also warned that in recent weeks attackers have been actively exploiting the coronavirus theme in malicious emails.

For the past four months, the Emotet Trojan has led the list of the most active malware; it is distributed mainly through malicious spam.

Because its operators follow trends and news, recent emails of this kind promise information about the sources of the spread of coronavirus and more detailed statistics on the number of infected people.

“The most prominent Coronavirus-themed campaign targeted Japan, distributing Emotet – the leading malware type for the 4th month running – in malicious email attachments feigning to be sent by a Japanese disability welfare service provider. The emails appear to be reporting where the infection is spreading in several Japanese cities, encouraging the victim to open the document”, — said Check Point researchers.

If the user is interested in such a “bait” and follows the link (or opens an attachment), Emotet is automatically downloaded to the computer. Having infected the victim’s system, Emotet uses the machine for further spamming, and also installs additional malware on the device. Often this is a Trickbot banker (which steals credentials, cookies, browser history, SSH keys, and so on), as well as Ryuk ransomware.

The report also notes that in January the number of attempts to exploit the RCE vulnerability in the MVPower DVR increased: this problem affected 45% of organizations worldwide. If the bug is successfully exploited, an attacker can remotely execute arbitrary code on the victim’s machine.

The most active malware in January 2020:

  • Emotet, an advanced self-propagating modular trojan. Emotet was once an ordinary banking trojan, and has recently been used to distribute other malware and malicious campaigns. It can send phishing emails containing malicious attachments or links. Attacked 13% of organizations in the world. Detection sometimes requires special utilities;
  • XMRig is open source software, first discovered in May 2017. It is used to mine the Monero cryptocurrency. In January, it caused problems in 10% of organizations;
  • Trickbot is one of the dominant banking Trojans in the market, which is constantly updated with new features, functions and distribution vectors. Attacked 7% of organizations.

“Over the past four months, the top threats have remained the same versatile, multi-purpose malware families, including Emotet, XMRig, and Trickbot. Collectively, these top three malware types impact 30% of organizations globally. These attacks can be extremely damaging, leaving organizations vulnerable to data theft, extortion or operational disruption”, — the researchers also report.

Check Point explains that employees should be educated about the risks of opening, downloading or clicking on external documents that do not come from trusted sources or contacts.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
