Check Point Research experts talked about the most active malware in April

The Check Point Research team of experts prepared a report on the most active threats and the most dangerous malware for April 2021. Researchers report that AgentTesla Trojan ranked second in the ranking for the first time, while Dridex is still in first place.

Dridex is often used at the initial stage of infection in ransomware operations, which are becoming more and more numerous. 例如, in March, researchers warned that in early 2021 the number of ransomware attacks increased by 57%.

Alas, this trend continues to develop: in general, it has already shown an increase of 107% compared to the same period last year. In 2020, 據專家介紹, the damage from ransomware worldwide amounted to about $20 billion, which is almost 75% higher than in 2019.

For the first time, AgentTesla has taken the second place in the company ranking. It is an advanced RAT (Remote Access Trojan) that has been infecting computers since 2014, acting as a keylogger and password stealer. The malware is capable of monitoring and collecting data entered from the victim’s keyboard, taking screenshots and extracting credentials related to various programs installed on the infected machine (including Google Chrome, Mozilla Firefox瀏覽器, and Microsoft Outlook).

We’re seeing a huge increase in ransomware attacks around the world, so it’s no surprise that the most popular malware in April is associated with this trend. On average, every 10 seconds, one organization in the becomes a victim of the ransomware. Hackers often use the names of well-known organizations for their attacks. This time they imitated the QuickBooks brand, an accounting software suite common in the United States. The malicious emails contained fake payment notifications and invoices. Organizations need to be aware of these risks and provide not only suitable security solutions, but also employee training. The human factor is still the most vulnerable link, so it is very important that employees can recognize phishing emails. It is through them that ransomware infections often occur, — representatives of Check Point Software Technologies said.

In the world, the situation looks like this:

  1. Dridex is a banking Trojan that infects Windows systems. It is spread using spam mailings and sets of exploits that use injections to steal personal data, as well as bank card data. Attacked 15% of organizations.
  2. AgentTeslaan advanced RAT that has been attacking computers since 2014, acting as a keylogger and password stealer. It is capable of monitoring and collecting the victim’s keyboard input, taking screenshots and extracting credentials related to various programs installed on the victim’s computer (including Google Chrome, Mozilla Firefox瀏覽器, and Microsoft Outlook). Attacked 12% of organizations.
  3. Trickbot is one of the dominant banking Trojans, which is constantly being enforced with new features, functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns. Attacked 8% of organizations.

Let me remind you that I also talked about the MountLocker ransomware, which uses the Windows API to navigate the network.

黑尔加·史密斯

我一直對電腦科學感興趣, 尤其是數據安全和主題, 而家被稱為 "數據科學", 由我十幾歲開始. 在進入病毒清除團隊擔任主編之前, 我曾喺多傢公司擔任網絡安全專家, 包括亞馬遜嘅承包商之一. 另一種體驗: 我在雅頓大學同雷丁大學任教.

留言

本網站使用Akismet嚟減垃圾郵件. 瞭解如何處理評論數據.

“返回頂部”按鈕