Nearly 12 months after law enforcement was supposed to have shut down Emotet for good, the banking Trojan botnet – which reappeared in late 2021 – has firmly established itself as the most widespread malware in the wild, affecting 6% of organizations around the world last month, according to Check Point’s latest Global Threat Index.

Although this figure has been declining since March – probably because Microsoft has taken steps to limit its usual delivery methods by disabling specific macros in Office files – Emotet's operators appear to have been testing new delivery methods, and Emotet remains very useful as a vector for delivering other crap, including ransomware, so its popularity is essentially guaranteed.

The second and third most widely observed malware in April were Formbook, a Windows-based information stealer sold underground as malware-as-a-service (MaaS); and Agent Tesla, a remote access Trojan (RAT) specializing in keylogging and information theft.

Another information stealer, Lokibot, re-entered the rankings at number six after a high-profile spam campaign. At the moment, information stealers seem to be preferred over RATs such as Agent Tesla, notes Check Point.

“As the cyber-threat landscape continues to evolve and large corporations such as Microsoft influence the parameters in which cybercriminals can operate, threat actors need to become more creative in the way they distribute malware, as evidenced by the new method of delivery, which is now used by Emotet,” said Maya Horowitz, vice president of research at Check Point.

“In addition, this month we witnessed the Spring4Shell vulnerability, which appeared in the headlines. Although not yet on the list of the top 10 vulnerabilities, it is worth noting that over 35% of organizations around the world have already been affected by this threat in its first month alone, so we expect to see it move up the list in the coming months.”

Spring4Shell may indeed have generated headlines – and confusion – but as Horowitz noted, it is still much less exploited than many other vulnerabilities.

The three most exploited vulnerabilities last month were, in order:

  1. A Git repository information disclosure vulnerability that could allow inadvertent disclosure of account information, affecting 46% of organizations worldwide;
  2. Log4Shell, a remote code execution (RCE) vulnerability, which affected 46% of organizations last month;
  3. And a series of CVEs discovered in Apache Struts that allow security bypass, which affected 45% of organizations.

Elsewhere, the latest monthly Check Point data reveals that the most attacked sector is education and research, followed by government and the military, and then internet service providers and managed service providers (ISPs and MSPs).

The most common mobile malware families currently are Alienbot, an Android MaaS that hacks into victims’ financial accounts and takes over the device; Flubot, another Android-focused malware that steals credentials and performs hacking operations on victim devices; and xHelper, malware that downloads other malicious applications and displays unwanted ads.
