A spam campaign which targeted over 100,000 users a day over Christmas and New Year has seen Emotet secure its spot as the most prolific malware threat.
Analysis by cybersecurity company Check Point suggests that Emotet was used to target seven percent of organisations around the world during December.
Emotet has been active since 2014 and is regularly updated by its authors in order to maintain its effectiveness. The malware started life as a banking trojan but has evolved to become much more than that, providing a complete backdoor onto compromised machines which can then be sold on to other cyber criminals to infect victims with additional malware – including ransomware.
While Emotet has worm-like capabilities which allows it to move onto other machines on the same network as the initial victim, it also spreads via the use of phishing emails. But no matter how it arrives, Emotet is excellent at maintaining persistence while also avoiding detection, meaning victims will often have no idea they’ve been compromised until it’s far too late.
“Emotet was originally developed as banking malware which sneaked on to users’ computers to steal private and sensitive information. However, it has evolved over time and is now seen as one of the most costly and destructive malware variants,” said Maya Horowitz, director of threat intelligence and research at Check Point.
“It’s imperative that organizations are aware of the threat Emotet poses and that they have robust security systems in place to prevent a significant breach of their data. They should also provide comprehensive training for employees, so they are able to identify the types of malicious emails which spread Emotet,” she added.
Banking trojan Trickbot is the second most dominant form of malware as we enter 2021. Like Emotet, it’s constantly updated with new capabilities and features, including the ability to customise the malware which allows it to be used in all manner of cyber intrusion campaigns. Like Emotet, Trickbot has become more than a banking trojan and is often installed on systems as a means of providing a gateway to install ransomware.
Credential harvesting malware Formbook was the third most detected malware threat over the reporting period. Formbook is sold on dark web forums at relatively low cost but provides cyber criminal users with everything they need for a powerful information stealing campaign; it harvests usernames and passwords from browsers, collects screenshots, monitors and logs keystrokes and more.
According to Check Point, Trickbot and Formbook campaigns were detected attempting to infiltrate the networks of four percent of organisations around the world each.
Other prominent malware during December included Dridex trojan, XMRig cryptocurrency mining malware and Hiddad Android malware.
One of the best ways for businesses to help prevent falling victim to malware attacks is to ensure the latest security patches are applied across the network as this will prevent cyber attackers from being able to take advantage the known vulnerabilities which cyber criminals exploit to deliver malware.
READ MORE ON CYBERSECURITY
