Revenge RAT does most damage in UAE

News Desk

Researchers have reported that Revenge RAT, a Trojan that targets the Windows platform, was the most prevalent malware—targeting six percent of UAE businesses—in March 2022 while Emotet was in second place by impacting five percent.

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., a leading provider of cyber security solutions globally, has published the statistics in its latest Threat Index for March 2022.

“In recent years, technology has advanced to the point where cybercriminals are increasingly relying on human trust to hack corporate networks. In the last six months, an organisation in the UAE has been targeted an average of 792 times per week, with 95 percent of malicious files delivered by email in the last 30 days,” said Ram Narayanan, Country Manager at Check Point Software, Middle East.

“The fact that cyber criminals are using themed phishing emails around seasonal holidays to exploit the excitement surrounding the festivities to lure victims is proof that cyber criminals have become relentless in their actions. Revenge RAT has replaced the intensity with which Emotet attacked UAE businesses, so it is imperative that organisations take immediate action to avoid becoming the next victims.”

Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the trojan is running on a compromised system, the attacker can send commands to it and receive data back in response. Revenge RAT was the most prevalent malware in the UAE this month. It accepts commands from a remote server to collect system information, run/update files from links or disks, load plugins and close/restart the malware among other malicious activities. Additionally, it creates a Run key Registry entry on the infected system and a shortcut under the user’s Startup folder to achieve persistence.
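
For defenders, the two persistence locations described above can be audited directly. The PowerShell below is an added example, not code from Check Point or from the original article; it lists every Run key value and Startup folder item for review and does not identify Revenge RAT specifically. The "user-writable path" pattern is an assumed triage heuristic.

```powershell
# Added example: inventory the Run keys and Startup folders on this host.
# Assumption: autorun targets under user-writable paths deserve a closer look.
$suspectPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\'

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# WScript.Shell can read the target and arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell

$findings = @(
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item -Path $key
            foreach ($name in $item.GetValueNames()) {
                $value = [string]$item.GetValue($name)
                [pscustomobject]@{
                    Source = $key
                    Name   = $name
                    Target = $value
                    Review = $value -match $suspectPattern
                }
            }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            # Resolve shortcuts to what they launch; other files are the payload itself.
            $target = if ($_.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($_.FullName)
                "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
            } else { $_.FullName }
            [pscustomobject]@{
                Source = $dir
                Name   = $_.Name
                Target = $target
                Review = $target -match $suspectPattern
            }
        }
    }
)

# Entries flagged for review sort to the top.
$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is a prompt for investigation, not a verdict: legitimate per-user software also installs under AppData.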

Emotet, the self-propagating and modular trojan, is second in the top malware index for the UAE. Emotet distributes other malware or malicious campaigns and uses multiple methods for maintaining persistence and evasion techniques to avoid detection. Since its return in November last year and the recent news that Trickbot has shut down, Emotet has been strengthening its position as the most prevalent malware worldwide. This was solidified this month as many aggressive email campaigns have been distributing the botnet, including various Easter-themed phishing scams exploiting the buzz of the festivities. These emails were sent to victims all over the world; one such example used the subject “buona pasqua, happy easter”, yet attached to the email was a malicious XLS file used to deliver Emotet.

CPR also revealed this month that Healthcare is the most attacked industry in the UAE, followed by Finance/Banking and Retail/Wholesale industries. “Remote Code Execution” is now the most commonly exploited vulnerability, impacting 56 percent of organisations in the UAE, while “Information Disclosure” takes the second spot, impacting 54 percent of organisations. “Authentication Bypass” vulnerability keeps a hold of third place with a global impact of 44 percent. 
