Check Point Software Technologies has released its Global Threat Index for October 2022.
This month, the AgentTesla keylogger ranked first as the most prevalent malware, affecting 7% of organizations worldwide. The number of attacks by the infostealer Lokibot, which reached third place for the first time in five months, has increased significantly. In addition, Text4Shell, a new vulnerability affecting the Apache Commons Text library, was disclosed.
Lokibot is a commodity infostealer designed to collect credentials from a variety of applications, including web browsers, email clients, and IT management tools. As a Trojan, its goal is to sneak into a system undetected by posing as a legitimate program. It can be distributed via phishing emails, malicious websites, SMS and other messaging platforms.
According to Check Point, Lokibot's rise in popularity can be explained by the increase in spam campaigns targeting online inquiries, orders, and payment confirmation messages.
A new critical vulnerability, Text4Shell (CVE-2022-42889), was also announced in October. Based on Apache Commons Text functionality, the vulnerability allows attacks across a network without requiring specific permissions or user interaction.
Text4Shell recalls the Log4Shell vulnerability, which is still one of the top threats a year later and ranks second in the October list. Although Text4Shell did not make the list of top exploited vulnerabilities this month, more than 8% of organizations worldwide are already affected, according to Check Point.
Maya Horowitz, VP Research at Check Point Software, says, “We’ve seen many changes in the rankings this month, with a new set of malware families forming the big three. What’s interesting is that Lokibot has climbed back up to third place so quickly, showing an increasing trend towards phishing attacks.
“As we head into November, which is a busy shopping season, it’s important that people remain vigilant and on the lookout for suspicious emails that may contain malicious code. Watch out for signs like an unknown sender asking for personal information and links. If in doubt, visit websites directly and find relevant contact information from verified sources and make sure you have anti-malware protection installed.”
The index also revealed that "Web Server Exposed Git Repository Information Disclosure" is the top exploited vulnerability, affecting 43% of organizations worldwide, closely followed by "Apache Log4j Remote Code Execution" with a 41% impact.
In October, education/research remained the number one most attacked industry worldwide.
When it comes to mobile malware, this month Anubis claimed first place as the most prevalent mobile malware, followed by Hydra and Joker.
- Anubis: Anubis is a banking Trojan malware designed for Android mobile phones. Since its initial detection, it has gained additional features including Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities, and various ransomware functions. It has been recognized in hundreds of different applications available on Google Store.
- Hydra: Hydra is a banking Trojan designed to steal financial information by asking victims to enable dangerous permissions.
- Joker: Joker is an Android spyware on Google Play designed to steal SMS messages, contact lists and device information. The malware can also enroll the victim in paid premium services without their consent or knowledge.
Check Point’s Global Threat Impact Index and ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide across networks, endpoints, and mobile devices. The intelligence is powered by AI-based engines and research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.