Update: The 2023 Malware League Table

Uploaded on 2023-09-26 in NEWS-Cybersecurity News, FREE TO VIEW

Leading provider of cyber security solutions, Check Point Software, has published its Global Threat Index for August 2023. Researchers reported on a new variant of the ChromeLoader malware, which has been targeting Chrome browser users with fake ads loaded with malicious extensions. 

Meanwhile, the communications sector ranked as the second most impacted industry globally, knocking healthcare off the list for the first time this year.

A notable new development is the appearance of ChromeLoader, a persistent Google Chrome browser hijacker, first discovered in 2022. Ranked 10th in last month’s top malware families, it is designed to secretly install bad extensions through fake advertising on web browsers. In one recent exploit, victims are duped into running VBScript files that install malicious Chrome extensions. Once installed, they can collect personal data and disrupt browsing with unwanted ads. 

FBI - Dutch Hunt

In August, the FBI announced a significant victory in its global operation against the Qakbot (sometimes called  Qbot). In "Operation Duck Hunt" the FBI seized control of the botnet, removed the malware from infected devices, and identified a substantial number of affected devices. Qakbot evolved into a malware delivery service used for various cybercriminal activities, including ransomware attacks. It typically spreads through phishing campaigns and collaborates with other threat actors. Although it remained the most prevalent malware in August, Check Point did observe a significant decrease in its impact after the FBI operation. 

August also saw the communications sector take second place as one of the most impacted industries globally, overtaking healthcare for the first time in 2023.

There have been multiple examples of organisations in the sector facing cyberattacks this year. 
In March, Chinese state-sponsored cyberespionage group APT41 was observed targeting the telecommunication sector in the Middle East. The threat actors infiltrated Internet-facing Microsoft Exchange servers to perform command execution, conduct reconnaissance, steal credentials, and perform lateral movement and data exfiltration activities.

“We should all remain vigilant, work together and continue to practice good security hygiene across all attack vectors.” said Maya Horowitz, VP Research at Check Point. She also revealed that “HTTP Headers Remote Code Execution” was the most exploited vulnerability, impacting 40% of organiszations globally, followed by “Command Injection Over HTTP” which impacted 38% of organizations worldwide. “MVPower CCTV DVR Remote Code Execution” came in third with a global impact of 35%.

Top Malware Families

Qbot was the most prevalent malware last month with an impact of 5% worldwide organisations, followed by Formbook with a global impact of 4%, and Fakeupdates with a global impact of 3%.    


1.  Qbot – Qbot / Qakbot is a multipurpose malware that first appeared in 2008. It was designed to steal a user’s credentials, record keystrokes, steal cookies from browsers, spy on banking activities, and deploy additional malware. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging, and anti-sandbox techniques to hinder analysis and evade detection. Commencing in 2022, it emerged as one of the most prevalent Trojans.  

2.  Formbook – Formbook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. 

3.  Fakeupdates - Fakeupdates (AKA SocGholish) is a downloader written in JavaScript. It writes the payloads to disk prior to launching them. Fakeupdates led to further compromise of many other malwares, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

The Top Attacked Industries Worldwide

Education/Research remained in first place as the most attacked industries globally in August 2023 followed by Communications and Government/Military.

1.    Education/Research
2.    Communications
3.    Government/Military

Top Exploited Vulnerabilities 

Last month, “HTTP Headers Remote Code Execution” was the most exploited vulnerability, impacting 40% of organisations globally, followed by “Command Injection Over HTTP”, which impacted 38% of organisations worldwide. “MVPower CCTV DVR Remote Code Execution” was the third most used vulnerability, with a global impact of 35%.

1. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information with a HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim’s machine.

2.  Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) - A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine. 

3.  MVPower CCTV DVR Remote Code Execution (CVE-2016-20016)- A remote code execution vulnerability exists in MVPower CCTV DVR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Top Mobile Malwares

Last month Anubis remained in the top spot as the most prevalent Mobile malware, followed by AhMyth and SpinOk.

1. Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger, audio recording capabilities and various ransomware features. It has been detected on hundreds of different applications available in the Google Store.

2.  AhMyth - AhMyth is a Remote Access Trojan (RAT) discovered in 2017. It is distributed through Android apps that can be found on app stores and various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which is usually used to steal sensitive information.

3.  SpinOk - SpinOk is an Android software module that operates as spyware. It collects information about files stored on devices and is capable of transferring them to malicious threat actors. The malicious module was found present in more than 100 Android apps and was downloaded more than 421,000,000 times as of May 2023.

Check Point’s Global Threat Impact Index and its ThreatCloud Map provide real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles.   

You Might Also Read: 

The Most Used Malware In H1 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« US National Cyber Security Strategy Moves On
Cyber War Crimes Will Be Prosecuted »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

MassMutual Ventures

MassMutual Ventures

Mass Mutual ventures backs companies building category-defining businesses in markets including enterprise software, digital health, cybersecurity, and fintech.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Kintek Group

Kintek Group

Kintek Group provides cybersecurity and managed services to protect organizations from threats that exist inside and outside their networks.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.