Check Point Research, the Threat Intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a specialist global cybersecurity provider, has released its Global Threat Index for the month of April.
Researchers report that Emotet, an advanced, self-propagating, modular Trojan, remains the most prevalent malware this month, affecting 6% of organizations worldwide. It is the only entry that holds its position; the rest of the list has changed: Tofsee and Nanocore have dropped out and have been replaced by Formbook and Lokibot, which are now the second and sixth most prevalent malware, respectively.
Emotet’s 10% rise in March was mainly due to specific Easter-themed scams, while April’s decline could also be explained by Microsoft’s decision to disable certain macros associated with Office files, which affects the way Emotet is normally distributed. In fact, there are reports highlighting a new delivery method: phishing emails containing a OneDrive URL. Emotet has many uses once it manages to bypass a computer’s protections, and its operators also offer other malware to cybercriminals on Darknet forums, including banking Trojans, ransomware, botnets, etc. As a result, once Emotet finds a breach, the consequences vary depending on which malware manages to get in.
On the other hand, Lokibot, a stealer, has re-entered the list in sixth place after a high-impact spam campaign that distributed the malware via xlsx files that looked like legitimate invoices. Together with the rise of Formbook, this has had a strong effect on the position of other malware, such as the AgentTesla advanced Remote Access Trojan (RAT), which has dropped to third place.
In late March, critical vulnerabilities were found in the Java Spring Framework, known as Spring4Shell, and since then, numerous cybercriminals have exploited the threat to spread Mirai, the ninth most prevalent malware this month.
“With the ever-evolving cyber threat landscape, and with large corporations like Microsoft influencing the parameters in which cybercriminals can operate, threat actors are having to be more creative in how they distribute malware, which is evident in the new delivery method that Emotet now employs,” says Eusebio Nieva, Technical Director of Check Point Software for Spain and Portugal. “Furthermore, this month we have seen the Spring4Shell vulnerability make headlines. Although it is not yet on the list of the top ten threats, it should be noted that it has affected more than 35% of companies around the world in its first month alone, so it is likely that it will climb positions in the coming months,” concludes Nieva.
In April, the Education/Research sector continues to be the most attacked worldwide. “Git web server information disclosure” has been the most exploited and most common vulnerability – it has affected 46% of companies worldwide – closely followed by “Apache Log4j Remote Code Execution”. “Apache Struts ParametersInterceptor ClassLoader Security Bypass” soars in the index, rising to third place with an overall impact of 45%.