April 2022's Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top
SAN CARLOS, Calif., May 11, 2022 (GLOBE NEWSWIRE) -- Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for April 2022. Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware, impacting 6% of organizations worldwide. Despite this, there has been movement for all the other malware in the list. Tofsee and Nanocore are out and have been replaced by Formbook and Lokibot, now the second and sixth most prevalent malware respectively.
Emotet’s higher score in March (10%) was mainly due to specific Easter-themed scams, but this month’s decrease could also be explained by Microsoft’s decision to disable specific macros associated with Office files, affecting the way that Emotet is usually delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails that contain a OneDrive URL. Emotet has many uses after it succeeds in bypassing a machine’s protections. Due to its sophisticated propagation and assimilation techniques, Emotet also offers other malware to cybercriminals on dark web forums, including banking trojans, ransomware and botnets. As a result, once Emotet finds a way in, the consequences can vary depending on which malware is delivered after the machine is compromised.
Elsewhere in the index, Lokibot, an infostealer, has re-entered the list in sixth place after a high-impact spam campaign delivering the malware via xlsx files made to look like legitimate invoices. This, and the rise of Formbook, have had a knock-on effect on the position of other malware, with the advanced remote access trojan (RAT) AgentTesla, for example, dropping into third place from second.
At the end of March, critical vulnerabilities were found in Java Spring Framework, known as Spring4Shell, and since then, numerous threat actors have leveraged the threat to spread Mirai, this month’s ninth most prevalent malware.
“With the cyber threat landscape constantly evolving and with large corporations such as Microsoft influencing the parameters in which cybercriminals can operate, threat actors are having to become more creative in how they distribute malware, evident in the new delivery method now being employed by Emotet,” said Maya Horowitz, VP Research at Check Point. “In addition, this month we have witnessed the Spring4Shell vulnerability making headlines. Although it is not yet in the top ten list of vulnerabilities, it’s worth noting that over 35% of organizations worldwide have already been impacted by this threat in its first month alone, and so we expect to see it rise up the list in the coming months.”
CPR also revealed this month that Education & Research is still the industry most targeted by cybercriminals globally. “Web Server Exposed Git Repository Information Disclosure” is the most exploited vulnerability, impacting 46% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”. “Apache Struts ParametersInterceptor ClassLoader Security Bypass” shoots up the index, now in third place with a global impact of 45%.
Top Malware Families
*The arrows relate to the change in rank compared to the previous month.
This month Emotet is still the most popular malware, impacting 6% of organizations worldwide, closely followed by Formbook, which impacts 3% of organizations, and AgentTesla, with a global impact of 2%.
Top Attacked Industries Globally
This month Education/Research is the most attacked industry globally, followed by Government/Military and Internet Service Providers & Managed Service Providers (ISP & MSP).
Top Exploited Vulnerabilities
This month “Web Server Exposed Git Repository Information Disclosure” is the most exploited vulnerability, impacting 46% of organizations globally, closely followed by “Apache Log4j Remote Code Execution” with a global impact of 46%. “Apache Struts ParametersInterceptor ClassLoader Security Bypass” is now in third place in the top exploited vulnerabilities list, with a global impact of 45%.
Top Mobile Malwares
This month AlienBot is the most prevalent mobile malware, followed by FluBot and xHelper.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
The complete list of the top ten malware families in April can be found on the Check Point blog.