Emotet leads the Check Point monthly threat chart

About 12 months after law enforcement shut it down, supposedly permanently, Emotet, the banking Trojan and botnet that reappeared at the end of 2021, affected 6% of organizations around the world in the past month, consolidating its position as the most prevalent malware in the wild, according to Check Point's latest Global Threat Index.

This is a decline since March, probably because Microsoft has taken steps to block its normal delivery method by disabling certain macros in Office files. Emotet's operators seem to be testing a new delivery method, and its popularity is nevertheless all but guaranteed, as Emotet continues to be very useful as a vector for delivering other nasty things, including ransomware.

The second and third most widely observed malware in April were Formbook, an information stealer targeting Windows that is sold underground as malware as a service (MaaS), and Agent Tesla, a remote-access Trojan (RAT) that specializes in keylogging and information theft.

Another information stealer, Lokibot, has reappeared on the charts in 6th place following a high-impact spam campaign. Check Point has observed that infostealers are now favoured over RATs such as Agent Tesla.

“The cyber threat situation is constantly evolving, and as large companies such as Microsoft influence the controllable parameters of cyber criminals, threat actors need to be more creative in how malware is distributed. This is evident in the new delivery method currently being adopted by Emotet,” said Maya Horowitz, Vice President of Research at Check Point.

“In addition, this month I witnessed the Spring4Shell vulnerability make headlines. Although it is not yet on the top 10 list of vulnerabilities, it’s worth noting that more than 35% of organizations around the world were affected by this threat in the first month alone. Therefore, it is expected that this threat will be on the list in the next few months.”

Spring4Shell may certainly have generated headlines, and confusion, but, as Horowitz pointed out, it is far less widely exploited than many other vulnerabilities.

The top three most exploited bugs last month were:

  1. A Git repository disclosure vulnerability that could allow unintended disclosure of account information. It affected 46% of organizations around the world.
  2. Log4Shell, which is ultimately a remote code execution (RCE) vulnerability. It affected 46% of organizations last month.
  3. A set of CVEs disclosed in Apache Struts that enable a security bypass. It affected 45% of organizations.

Elsewhere, Check Point’s latest monthly data reveals that the most attacked sectors are education and research, followed by government and military, and then Internet and managed service providers (ISPs and MSPs).

The most prevalent mobile malware today is Alienbot, an Android MaaS that breaks into a victim's financial account and hijacks the device. Flubot is another Android-focused malware that steals credentials and performs smishing operations from the victim's device. xHelper is malware that downloads other malicious apps and displays unwanted ads.

