According to the Global Threat Index for April 2021, published by Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd, AgentTesla ranked second in the Index, while the established Dridex trojan remained the most prevalent malware, having risen to the top spot in March after placing seventh in February.
This month Dridex, a trojan that targets the Windows platform, spread via a QuickBooks malspam campaign. The phishing emails used QuickBooks branding and tried to lure recipients with fake payment notifications and invoices. The email asked the recipient to download a malicious Microsoft Excel attachment that, once opened, could infect the system with Dridex.
This malware is often used as the initial infection stage in ransomware operations, in which attackers encrypt an organization's data and demand a ransom to decrypt it. Increasingly, these attackers use double extortion: they steal sensitive data from the organization and threaten to release it publicly unless payment is made. CPR reported in March that ransomware attacks had increased 57% at the start of 2021; that trend has continued to accelerate and now stands at a 107% increase over the equivalent period last year.
Most recently, Colonial Pipeline, a major US fuel company, was the victim of such an attack. In 2020, ransomware is estimated to have cost businesses worldwide around $20 billion, a figure nearly 75% higher than in 2019.
“While we are witnessing a huge increase in ransomware attacks worldwide, it’s no surprise that this month’s top malware is related to the trend. On average every 10 seconds globally, an organization becomes a victim of ransomware,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Recently there have been calls for governments to do more about this growing threat, but it is showing no signs of slowing down. All organizations need to be aware of the risks and ensure adequate anti-ransomware solutions are in place. Comprehensive training for all employees is also crucial, so they are equipped with the skills needed to identify the types of malicious emails that spread Dridex and other malware, as this is how many ransomware exploits start.”
CPR also revealed that "Web Server Exposed Git Repository Information Disclosure" was the most commonly exploited vulnerability, impacting 46% of organizations globally, followed by "HTTP Headers Remote Code Execution (CVE-2020-13756)", which impacted 45.5% of organizations worldwide. "MVPower DVR Remote Code Execution" ranked third in the list of top exploited vulnerabilities, with a global impact of 44%.
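The top entry in that list, an exposed Git repository on a web server, is something any team can check for itself: if a site was deployed by copying a working tree, requests for /.git/HEAD and /.git/config will return the repository's internal files, and tools can then reconstruct source code, history and any credentials committed to it. The checker below is an added example written for this page; it is not Check Point's code or tooling, and the host names and paths in it are placeholders. It deliberately inspects the response body rather than trusting a 200 status code, because many servers answer every unknown path with a 200 "soft 404" page, which would otherwise produce false positives.

```python
"""Probe a web server for an exposed .git directory.

Added example for this page, not Check Point's code. The base URL passed on
the command line is whatever host you are authorised to test; the default
below is a placeholder.
"""
import re
import sys
import urllib.error
import urllib.request

# Files present in every Git working copy, with a regex describing the shape
# their content must have. Matching on content, not just HTTP status, rules
# out "soft 404" pages that return 200 for arbitrary paths.
GIT_PROBES = {
    # Either a symbolic ref ("ref: refs/heads/main") or a detached 40-hex SHA-1.
    "/.git/HEAD": re.compile(rb"^(ref: refs/|[0-9a-f]{40}\s*$)"),
    # A Git config file always carries a [core] section.
    "/.git/config": re.compile(rb"^\s*\[core\]", re.MULTILINE),
}


def classify_git_response(path, status, body):
    """Return True only if status is 200 AND the body looks like the Git file
    expected at `path`. Any other status, an unknown path, or an HTML error
    page served with 200 yields False."""
    if status != 200:
        return False
    pattern = GIT_PROBES.get(path)
    if pattern is None:
        return False
    return pattern.search(body[:4096]) is not None


def fetch(url, timeout=5):
    """Return (status, first 4 KiB of body). Network failures return (None, b"")
    so a dead host is reported as 'not exposed' rather than crashing the scan."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as exc:
        return exc.code, b""
    except (urllib.error.URLError, OSError):
        return None, b""


def check_site(base_url):
    """Probe each path under GIT_PROBES and map path -> exposed (bool)."""
    base = base_url.rstrip("/")
    return {
        path: classify_git_response(path, *fetch(base + path))
        for path in GIT_PROBES
    }


if __name__ == "__main__":
    # Placeholder default; pass the real target as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    for probe_path, exposed in check_site(target).items():
        print(f"{probe_path}: {'EXPOSED' if exposed else 'not exposed'}")
```

If either probe reports EXPOSED, the fix is not to hide the files but to remove the .git directory from the deployed document root and deploy from a build artifact instead; as a second layer, deny access to any path beginning with /.git at the web server or reverse proxy so a future mistake does not become a disclosure.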