CISA & ACSC Name 2021’s Top Malware

Uploaded on 2022-08-17 in NEWS-News Analysis, INTELLIGENCE--International, FREE TO VIEW

 The US Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most detected 2021 malware strains in a joint advisory with the Australian Cyber Security Centre (ACSC). 

The cyber security agencies said that in 2021, the top malware types included remote access Trojans (RATs), banking Trojans, information stealers and ransomware. 

CISA and ACSC have been monitoring ransomware, rootkits, spyware, trojans, viruses, and worms and the top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.

Of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.

These malware families' longevity is due to their developers' ongoing efforts to upgrade them by adding new capabilities and ways to evade detection.  

"Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations," the cyber security agencies said. "The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information. Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences," the agencies added. "Many malware developers often operate from locations with few legal prohibitions against malware development and deployment."

Malware Security Suggestions 

The joint advisory includes Snort signatures for all malware in the top to detect payloads by monitoring network traffic and a list of mitigation measures. CISA and ACSC encourage admins and security teams to apply the following mitigations to defend against malware attacks:

  • Update software, including operating systems, applications, and firmware, on I.T. network assets.
  • Enforce MFA to the greatest extent possible.
  • If you use RDP and/or other potentially risky services, secure and monitor them closely.
  • Maintain offline, physically disconnected, backups of data.
  • Provide end-user awareness and training to help block social engineering and spear phishing attacks.
  • Implement network segmentation to separate network segments based on role and functionality

To mitigate the risk of malware attacks, organisations are strongly advised to train employees and users to be alert the sources of malware and remedial actions to take once infection is identified.

CISA:     ACS:   The Record:    Security MagazineCybersecurity Dive:   Bleeping Computer:   SC Magazine:  

You Might Also Read:

A Short Guide To Ransomware:

 

« Cyber Attack On London Crypto Exchange
Killnet Turn Their Attention To Lockheed Martin »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.