Check Point Research 专家谈到 4 月份最活跃的恶意软件

The Check Point Research team of experts prepared a report on the most active threats and the most dangerous malware for April 2021. Researchers report that AgentTesla Trojan ranked second in the ranking for the first time, while Dridex is still in first place.

Dridex is often used at the initial stage of infection in ransomware operations, which are becoming more and more numerous. 例如, in March, researchers warned that in early 2021 the number of ransomware attacks increased by 57%.

唉, this trend continues to develop: in general, it has already shown an increase of 107% 与去年同期相比. 在 2020, 据专家介绍, the damage from ransomware worldwide amounted to about $20 billion, which is almost 75% higher than in 2019.

首次, AgentTesla has taken the second place in the company ranking. It is an advanced RAT (Remote Access Trojan) that has been infecting computers since 2014, acting as a keylogger and password stealer. The malware is capable of monitoring and collecting data entered from the victim’s keyboard, taking screenshots and extracting credentials related to various programs installed on the infected machine (including Google Chrome, 火狐浏览器, and Microsoft Outlook).

We’re seeing a huge increase in ransomware attacks around the world, so it’s no surprise that the most popular malware in April is associated with this trend. On average, every 10 秒, one organization in the becomes a victim of the ransomware. Hackers often use the names of well-known organizations for their attacks. This time they imitated the QuickBooks brand, an accounting software suite common in the United States. The malicious emails contained fake payment notifications and invoices. Organizations need to be aware of these risks and provide not only suitable security solutions, but also employee training. The human factor is still the most vulnerable link, so it is very important that employees can recognize phishing emails. It is through them that ransomware infections often occur, — representatives of Check Point Software Technologies said.

In the world, the situation looks like this:

  1. 德瑞德克斯 is a banking Trojan that infects Windows systems. It is spread using spam mailings and sets of exploits that use injections to steal personal data, as well as bank card data. Attacked 15% of organizations.
  2. 特工特斯拉an advanced RAT that has been attacking computers since 2014, acting as a keylogger and password stealer. It is capable of monitoring and collecting the victim’s keyboard input, taking screenshots and extracting credentials related to various programs installed on the victim’s computer (including Google Chrome, 火狐浏览器, and Microsoft Outlook). Attacked 12% of organizations.
  3. Trickbot is one of the dominant banking Trojans, which is constantly being enforced with new features, functions and distribution vectors. Trickbot is flexible and customizable malware that can be distributed through multipurpose campaigns. Attacked 8% of organizations.

Let me remind you that I also talked about the MountLocker 勒索软件, which uses the Windows API to navigate the network.

赫尔加·史密斯

我一直对计算机科学感兴趣, 特别是数据安全和主题, 现在被称为 "数据科学", 从我十几岁起. 在加入病毒清除团队担任主编之前, 我曾在多家公司担任网络安全专家, 包括亚马逊的一名承包商. 另一种体验: 我在雅顿大学和雷丁大学任教.

发表评论

本网站使用的Akismet,以减少垃圾邮件. 了解您的意见如何处理数据.

返回顶部按钮