CISA & ACSC Name 2021’s Top Malware

Uploaded on 2022-08-17 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

 The US Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most detected 2021 malware strains in a joint advisory with the Australian Cyber Security Centre (ACSC). 

The cyber security agencies said that in 2021, the top malware types included remote access Trojans (RATs), banking Trojans, information stealers and ransomware. 

CISA and ACSC have been monitoring ransomware, rootkits, spyware, trojans, viruses, and worms and the top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.

Of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.

These malware families' longevity is due to their developers' ongoing efforts to upgrade them by adding new capabilities and ways to evade detection.  

"Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations," the cyber security agencies said. "The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information. Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences," the agencies added. "Many malware developers often operate from locations with few legal prohibitions against malware development and deployment."

Malware Security Suggestions 

The joint advisory includes Snort signatures for all malware in the top to detect payloads by monitoring network traffic and a list of mitigation measures. CISA and ACSC encourage admins and security teams to apply the following mitigations to defend against malware attacks:

  • Update software, including operating systems, applications, and firmware, on I.T. network assets.
  • Enforce MFA to the greatest extent possible.
  • If you use RDP and/or other potentially risky services, secure and monitor them closely.
  • Maintain offline, physically disconnected, backups of data.
  • Provide end-user awareness and training to help block social engineering and spear phishing attacks.
  • Implement network segmentation to separate network segments based on role and functionality

To mitigate the risk of malware attacks, organisations are strongly advised to train employees and users to be alert the sources of malware and remedial actions to take once infection is identified.

CISA:     ACS:   The Record:    Security MagazineCybersecurity Dive:   Bleeping Computer:   SC Magazine:  

You Might Also Read:

A Short Guide To Ransomware:

 

« Cyber Attack On London Crypto Exchange
Killnet Turn Their Attention To Lockheed Martin »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

PatrOwl

PatrOwl

Automate your SecOps with PatrOwl, and start defending your assets efficiently.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.