Trickbot and Emotet Trojans, Leading the Global Threat Index, Used to Spread Ransomware
The Check Point Research team published its Global Threat Index report on the most active threats in October 2020. Researchers report that the Trojans Trickbot and Emotet continued to lead the malware rankings in October. They have caused a sharp increase in the number of ransomware attacks on hospitals and medical facilities around the world.
Healthcare became the top target for ransomware in the United States in October, according to Check Point, with attacks increasing 71% since September 2020. Similarly, ransomware attacks on healthcare organizations and hospitals in October increased by 36% in Europe, the Middle East and Africa and by 33% in Asia-Pacific.
Attackers also frequently targeted Russian medical organizations. Over six months, attacks on Russian medical organizations accounted for 3% of all attacks on medical organizations around the world.
In September, researchers also reported that the Russian-speaking group OldGremlin was associated with at least nine ransomware attacks this year on medical laboratories, banks, manufacturers and software developers in Russia. A large Russian medical company affected by hackers paid a ransom of $50,000 in cryptocurrency.
The world’s most active malware in October 2020:
Emotet remained the most prevalent malware in October, affecting 12% of organizations worldwide. It was followed by Trickbot and Hiddad, which attacked 4% of organizations each.
- Emotet is an advanced self-propagating modular Trojan. Emotet was once a common banking Trojan and has recently been used to distribute other malware and malicious campaigns. The new functionality allows it to send phishing emails containing malicious attachments or links.
- Trickbot is one of the dominant banking Trojans, which is constantly being supplemented with new capabilities, functions and distribution vectors. It is flexible and customizable malware that can be distributed through multi-targeting campaigns.
- Hiddad – A modular backdoor for Android that grants root privileges to downloaded malware and helps inject it into system processes. It can access key security details built into the OS, allowing it to retrieve sensitive user data.
The most common vulnerabilities in October 2020:
- Remote code execution MVPower DVR. A remote code execution vulnerability exists in MVPower DVR devices. An attacker could exploit this vulnerability to execute arbitrary code on an affected router using a specially crafted request.
- Dasan GPON Router Authentication Bypass (CVE-2018-10561) is an authentication bypass vulnerability that exists in Dasan GPON routers. Successful exploitation of this vulnerability could allow remote attackers to obtain confidential information and gain unauthorized access to an affected system.
- Remote Code Execution in HTTP Headers (CVE-2020-13756) – HTTP headers allow the client and server to pass additional information using an HTTP request. An attacker could use a vulnerable HTTP header to run arbitrary code on the victim’s device.
The most active mobile threats in October 2020:
This month, Hiddad became the most popular malware for mobile devices. It is followed by xHelper and Lotoor.
- Hiddad – A modular backdoor for Android that grants root privileges to downloaded malware and helps inject it into system processes. It can access key security details built into the OS, allowing it to retrieve sensitive user data.
- xHelper is a malicious Android application that has been active since March 2019 and is used to download other malicious applications and display ads. The application is capable of hiding from the user and from mobile antivirus programs, and of reinstalling itself if the user uninstalls it.
- Lotoor – A program that uses vulnerabilities in the Android operating system to gain privileged root access on jailbroken mobile devices.