Check Point analysts have published their regular monthly report on the most active threats, the Global Threat Index. Greta Thunberg and Christmas were the most popular themes in spam and phishing campaigns.
For three months now, the Emotet Trojan has held one of the leading positions among malware: in December, Emotet affected 13% of organizations worldwide, compared with 9% in November.
The trojan is distributed mainly through spam mailings whose subject lines exploit the most topical themes of the day. In December, for example, these included “Support Greta Thunberg – Time Person of the Year 2019” and “Christmas Party!”.
“The emails in both campaigns contained a malicious Microsoft Word document. When it is opened, it tries to download Emotet onto the victim’s computer. Ransomware and other malware can spread through Emotet,” reported Check Point specialists.
December also saw a significant increase in the use of remote command injection over HTTP, which affected 33% of organizations worldwide. Where criminals managed to exploit the vulnerability, a DDoS botnet payload was delivered to the victims’ machines. The malicious file used in the attacks also contained a number of links to payloads exploiting vulnerabilities in different IoT devices.
Devices from manufacturers such as D-Link, Huawei and RealTek were potentially vulnerable to these attacks.
“Over the past three months, the main threats have been universal multipurpose malware, such as Emotet and xHelper. They give cybercriminals many opportunities to monetize attacks, as they can be used to distribute ransomware or spread new spam campaigns. The goal of criminals is to penetrate and gain a foothold in the largest possible number of organizations and devices, so that subsequent attacks are more profitable and destructive. Therefore, it is very important that organizations inform their employees about the risks of opening and downloading email attachments or clicking on links that do not come from a reliable source,” say experts at Check Point Software Technologies.
The most active threats of December 2019:
- Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet used to be a banking Trojan, but recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
- XMRig – XMRig is open-source CPU mining software used for mining the Monero cryptocurrency, first seen in the wild in May 2017.
- Trickbot – Trickbot is a dominant banking Trojan that is constantly being updated with new capabilities, features and distribution vectors. This makes Trickbot a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
The most active mobile threats in December 2019:
- xHelper – active since March 2019 and used to download other malicious applications and display ads. The application is able to hide from the user and antivirus programs, and to reinstall itself if the user uninstalls it.
- Guerilla – a clicker that can interact with the management server, download additional malicious plugins and aggressively boost clicks on ads without the consent or knowledge of the user.
- Hiddad – a modular backdoor for Android that provides superuser rights to various malware and also helps to introduce it into system processes. It can access key security mechanisms built into the OS, which allows it to obtain confidential user data.
In the report by Any.Run, an interactive service for automated malware analysis, Emotet was named the main threat for the whole of 2019.