Australian Cyber Security Magazine, ISSUE 12, 2022


Top three malware in Australia revealed UPDATE

Check Point Research has published its latest Global Threat Index for February 2022. Researchers report that Emotet is still the most prevalent malware, impacting 2.69% of Australian organisations, with Formbook and Trickbot remaining in second and third place.

Trickbot is a botnet and banking trojan that can steal financial details, account credentials, and personally identifiable information, as well as spread laterally within a network and drop ransomware. During 2021, it appeared at the top of the most prevalent malware list seven times. During the past few weeks, however, Check Point Research has noted no new Trickbot campaigns, and the malware now remains in third spot in the index. This could be due in part to some Trickbot members joining the Conti ransomware group, as suggested in the recent Conti data leak.

This month, CPR witnessed cybercriminals taking advantage of the Russia/Ukraine conflict to lure people into downloading malicious attachments. February’s most prevalent malware, Emotet, has been doing just this, with emails that contain malicious files and the subject “Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member”.

“Currently we are seeing a number of malwares, including Emotet, take advantage of the public interest around the Russia/Ukraine conflict by creating email campaigns on the topic that lure people into downloading malicious attachments. It’s important to always check that a sender’s email address is authentic, look out for any misspellings in emails and don’t open attachments or click on links unless you are certain that the email is safe,” said Maya Horowitz, VP Research at Check Point Software.

CPR revealed this month that Government/Military is the most attacked industry in Australia, followed by Hardware vendors and Education/Research.

Top Malware Families

*The arrows relate to the change in rank compared to the previous month.

This month, Emotet is still the most prevalent malware impacting 2.69% of organisations worldwide, closely followed by Formbook which is impacting 2.13% of organisations and Trickbot which is impacting 1.12%.

1. Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet, once used as a banking Trojan, has recently been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

2. Formbook – Formbook is an Info Stealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C orders.

