Most Wanted Malware: Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global provider of cybersecurity solutions, has released its Global Threat Index for November 2023. The report sheds light on emerging cybersecurity threats and trends observed during the month.
AsyncRAT Campaign and FakeUpdates Resurgence
Last month, researchers uncovered a new campaign involving AsyncRAT, a Remote Access Trojan (RAT) recognized for its discreet monitoring and control capabilities over computer systems. The malware, ranking sixth on the top ten list, utilized malicious HTML files distributed through email links to camouflage itself as a trusted application, evading detection. Simultaneously, the JavaScript downloader, FakeUpdates, re-entered the top malware list after a two-month hiatus. FakeUpdates employs compromised websites to deceive users into running fake browser updates, leading to further compromise by various other malware strains.
Maya Horowitz, VP of Research at Check Point Software, emphasized the importance of a layered security approach to counteract the deceptive simplicity used by threat actors, urging organizations to identify, prevent, and respond to novel attack vectors effectively.
Most Exploited Vulnerabilities
The “Command Injection Over HTTP” vulnerability took the lead as the most exploited, impacting 45% of global organizations. Following closely was the “Web Servers Malicious URL Directory Traversal” vulnerability affecting 42% of organizations worldwide, with “Zyxel ZyWALL Command Injection (CVE-2023-28771)” ranking third, impacting 41% globally.
Top Malware Families
Formbook emerged as the most prevalent malware with a global impact of 3%, followed by FakeUpdates at 2%, and Remcos at 1%. Formbook, an Infostealer targeting Windows OS, boasts strong evasion techniques and is marketed as Malware as a Service (MaaS). FakeUpdates, written in JavaScript, leads to additional compromise via various malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.
Top-Attacked Industries Globally
The Education/Research sector remained the most attacked industry globally, followed by Communications and Government/Military.
Top Mobile Malware
Anubis retained its position as the most prevalent mobile malware, followed by AhMyth and SpinOk. Anubis, initially a banking Trojan for Android, has evolved to include Remote Access Trojan (RAT) functionality and other malicious features.
Check Point’s ThreatCloud, powered by intelligence from hundreds of millions of sensors worldwide, provides real-time threat intelligence enriched with AI-based engines and exclusive research data from Check Point Research. The ThreatCloud Map offers a comprehensive view of global cyber threats.