Banking Trojan Qbot drops out of the rankings
Check Point Software Technologies, Inc.

Check Point Research (CPR), the threat intelligence division of Check Point Software Technologies Ltd. (https://www.checkpoint.co.jp/, NASDAQ: CHKP), a comprehensive cybersecurity platform provider, has released its Global Threat Index report for August 2021. In this report, Trickbot, which had led the index for three consecutive months, fell to second place, making Formbook the most detected malware. In August, the banking Trojan Qbot, which is said to go inactive every summer, disappeared from the top 10, where it had been a regular. Meanwhile, Remcos, a remote access Trojan (RAT), was ranked 6th for the first time in 2021.

Formbook was first detected in 2016. It is malware that can obtain credentials from various web browsers, collect screenshots, monitor and record keystrokes, and download and execute files on command from a command and control (C&C) server. Recently, it has been distributed via campaigns and phishing emails related to the new coronavirus, and according to the July 2021 CPR report (https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/), XLoader, a new malware variant derived from Formbook, is also targeting macOS users.

Maya Horowitz, VP of Research at Check Point, said: "Formbook is coded in C with assembly language inserted and contains various tricks that avoid detection and make it difficult for researchers to analyze. Much of it is spread by phishing emails and attachments, so staying alert to emails from unfamiliar senders and suspicious emails is the best way to prevent Formbook infections. As always, an email that feels somehow suspicious should be considered dangerous."

In this report, the most exploited vulnerability this month was "Information Leakage in Git Repositories on Web Servers", which affected 45% of companies and organizations around the world. The next most common vulnerability was "HTTP header remote code execution" (43%), followed by "Authentication bypass in Dasan GPON router" (40%).

Top 3 malware families in August:

* Arrows show changes from the previous month's rankings.

Formbook was the most prevalent malware this month, affecting 4.5% of businesses and organizations around the world. The next most common were Trickbot and Agent Tesla, with 4% and 3% of organizations affected, respectively.

- ↑ Formbook—Formbook is information-stealing malware that can obtain credentials from various web browsers, collect screenshots, monitor and record keystrokes, and download and execute files on instructions from its C&C server.
- ↓ Trickbot—Trickbot is a modular botnet and banking Trojan that has been repeatedly updated to gain new capabilities, features and distribution vectors. It is highly flexible and customizable malware that can be distributed as part of multipurpose campaigns.
- ↑ Agent Tesla—Agent Tesla is an advanced remote access Trojan (RAT) with keylogger and password theft capabilities. It monitors the victim's keyboard input and system clipboard to collect information, takes screenshots, and exfiltrates credentials from software installed on the victim's device (Google Chrome, Mozilla Firefox, the Microsoft Outlook email client, etc.).
Top 3 Vulnerabilities in August 2021:

"Information Leakage in Git Repositories on Web Servers" was the most frequently exploited vulnerability this month, affecting 45% of companies and organizations around the world. The next most common was "HTTP header remote code execution", which affected 43% of organizations worldwide, and the third was "Authentication bypass in Dasan GPON router" at 40%.

- ↔ Information Leakage in Git Repositories on Web Servers—An information leakage vulnerability has been reported in Git repositories. If this vulnerability is exploited, account information may be unintentionally leaked.
- ↔ HTTP Header Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)—HTTP headers allow clients and servers to send and receive additional information with an HTTP request. An attacker could manipulate a vulnerable HTTP header to remotely execute arbitrary code on the victim's device.
- ↑ Authentication bypass in Dasan GPON router (CVE-2018-10561)—An authentication bypass vulnerability exists in the Dasan GPON router. Exploitation of this vulnerability could allow remote theft of sensitive information and unauthorized access to the affected system.
Top 3 Mobile Malware in August 2021:

This month, xHelper was the most detected mobile malware, ahead of AlienBot and FluBot.

- xHelper—xHelper is a malicious application that has been in circulation since March 2019. It downloads other malicious applications and displays advertisements. It can get onto a mobile device without the user noticing, and even if it is uninstalled, it may be reinstalled without permission.
- AlienBot—The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android that allows attackers to remotely inject malicious code into legitimate financial applications. The attacker gains access to the victim's account information and ultimately gains full control of the device.
- FluBot—FluBot is botnet malware for Android that is mainly distributed through phishing SMS messages impersonating courier companies. If the user clicks on the link in the message, FluBot begins installing itself and gains unauthorized access to any personal information on the mobile phone.
The Global Threat Index is based on ThreatCloud, the threat intelligence service operated by Check Point. ThreatCloud provides real-time threat intelligence drawn from hundreds of millions of sensors across networks, endpoints and mobile devices around the world. This intelligence is underpinned by an AI-based engine and research data held exclusively by CPR. A detailed list of the top 10 malware families in August can be found on the Check Point blog (https://blog.checkpoint.com/).

Follow Check Point Research:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_

About Check Point Research

Check Point Research provides the latest cyber threat intelligence to Check Point Software customers and the threat intelligence community. It collects and analyzes data on cyber attacks around the world stored in ThreatCloud, tracks hackers, and develops protections for Check Point products. Over 100 analysts and researchers work on cybersecurity measures in collaboration with security vendors, law enforcement agencies, and CERT organizations.

About Check Point

Check Point Software Technologies (https://www.checkpoint.com/) is a leading provider of cybersecurity solutions for any organization, including government agencies and businesses around the world. Its solutions protect networks from a wide range of fifth-generation cyberattacks, including malware and ransomware, with industry-leading detection rates. Its multi-level security architecture protects information stored in corporate clouds, networks and mobile devices from fifth-generation threats, and it offers a comprehensive, centralized security management system that is intuitive and easy to operate. More than 100,000 organizations and companies around the world use Check Point Software Technologies security products. Check Point Software Technologies, Inc. (https://www.checkpoint.com/jp/), a wholly owned Japanese subsidiary of Check Point Software Technologies, was established on October 1, 1997 and is based in Minato-ku, Tokyo.