Most dangerous malware in December 2021: Trickbot, Emotet, and the Log4j Pandemic

News Desk -

Share

Check Point Research, Check Point Software Technologies Ltd.’s Threat Intelligence branch, has released its newest Global Threat Index for December 2021. In a month that saw the Apache Log4j vulnerability spread across the internet, researchers found that Trickbot is still the most common malware in the UAE, infecting 8% of businesses in December 2021, up from 7% in November 2021. Emotet, which has lately resurrected, has quickly gone from tenth to second place, with an aim of roughly 3% of organizations in the UAE by November 2021. Education/Research continues to be the most targeted industry, according to CPR.

The top exploited vulnerability this month is “Apache Log4j Remote Code Execution,” which affects 48.3 percent of enterprises worldwide. The vulnerability was first discovered on December 9th in the Apache logging package Log4j, which is the most popular Java logging library, with over 400,000 downloads from its GitHub project. The flaw spawned a new disease, affecting nearly half of all businesses worldwide in a short period of time. Cryptojackers and other malware can be executed on compromised servers by exploiting weak programmes. Until far, the majority of attacks have centred on the use of cryptocurrency mining at the expense of the victims, but advanced attackers have begun to act aggressively and exploit the breach on high-quality targets.

   “The security landscape is becoming more complex and strenuous to determine. We recently witnessed Log4j, one of the most serious vulnerabilities we have ever encountered, and due to the complexity in patching it and its easiness to exploit, it is likely to stay with us for many years to come unless companies take immediate action to prevent attacks,” said Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East.

He added, “This month we have also seen the Emotet botnet move from the eighth most prevalent malware in the UAE to the second. As assumed, it did not take much time for Emotet to build a strong foundation since it reappeared in November. It is evasive and is spreading fast via phishing emails with malicious attachments or links. According to Check Point Software’s latest threat intelligence report, 84% of the malicious files in United Arab Emirates were delivered via email in the last 30 days. It is now more important than ever to have a robust email security solution in place and to ensure that users know how to identify suspicious-looking messages or attachments.”  

 Education/Research is the most targeted industry internationally, according to CPR, followed by Government/Military and ISP/MSP. The most widely exploited vulnerability is “Apache Log4j Remote Code Execution,” which affects 48.3 percent of enterprises worldwide, followed by “Web Server Exposed Git Repository Information Disclosure,” which affects 43.8 percent of organisations worldwide. With a global effect of 41.5 percent, “HTTP Headers Remote Code Execution” remains in third position on the list of the most exploited vulnerabilities.

Top malware families

*The arrows relate to the change in rank compared to the previous month.

This month, Trickbot is the most popular malware impacting almost 8% of organizations in the UAE, followed by Emotet with close to 3% and Formbook with an impact of 2%.

1. Trickbot– Trickbot is a modular Botnet and Banking Trojan with new capabilities, features, and distribution vectors being added all the time. Trickbot may now be deployed as part of multi-purpose campaigns because it is adaptable and customizable.

2. Emotet — Emotet is a sophisticated, self-propagating Trojan. Emotet was previously a banking Trojan, but it is now primarily used as a distribution platform for other malware or malicious activities. It employs a variety of persistence mechanisms as well as evasion techniques to evade discovery. It can also spread via phishing spam emails that contain dangerous attachments or links.

3. Formbook – Formbook is an InfoStealer that steals credentials from a variety of online browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files based on its C&C.

Check Point’s ThreatCloud intelligence powers the Global Threat Impact Index and the ThreatCloud Map. ThreatCloud delivers real-time threat intelligence from hundreds of millions of sensors across networks, endpoints, and mobile devices all around the world. Check Point Research, Check Point Software Technologies’ intelligence and research arm, has added AI-based engines and proprietary research data to the intelligence.