Check Point Research (CPR), the research division of cyber security solutions company Check Point Software Technologies, has released its latest Global Threat Index analysis for June 2021. Researchers report that Trickbot is at the top of the list of the most common malware, a position it first took in May.
Trickbot is a botnet and banking trojan that can steal financial data, user account information and personal information, or spread ransomware on the network. Last month, CPR reported a 93% increase in the average number of ransomware attacks over a 12-month period, but also pointed out that some ransomware attacks start with malware that is not ransomware. For example, Ryuk ransomware attacks used a malicious program called Emotet to gain access to the network, which was then infected by Trickbot before the ransomware encrypted the data.
Since the Emotet botnet was shut down in January, the Trickbot trojan and botnet has become popular. Recently, its name has also emerged in connection with a new ransomware strain, ‘Diavol’. Trickbot is constantly being updated with new capabilities, features, and distribution vectors, making it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
“Well-known extortion program groups like Ryuk and REvil are based on a variety of malware in the early stages of infection, including the key malware of the month of June, Trickbot,” said Maya Horowitz, director of Products at Check Point Threat Intelligence & Research. “Organizations need to be more aware of the risks and make sure they have the right solutions. In addition to the Trickbot botnet and banking trojans, the June list includes a wide range of different malware, including botnets, information thieves, ‘backdoors’, RAT. It is particularly important for organizations to have the right technology to deal with such a wide range of threats. If this is resolved, most attacks, even those advanced, such as REvil, can be prevented without disrupting normal business operations.”
Check Point Research also pointed out that “HTTP Headers Remote Code Execution” is the most commonly exploited vulnerability, appearing in 47% of organizations worldwide. This is followed by “MVPower DVR Remote Code Execution”, which has appeared in 45% of organizations. In third place is “Dasan GPON Router Authentication Bypass”, with a global impact of 44%.
Top three malware families in June 2021
(Arrows indicate change from previous month.)
Trickbot took first place during the month, appearing in 7% of organizations worldwide, followed by XMRig and Formbook, each of which appeared in 3% of organizations.
- ↔ Trickbot – Constantly updated, modular botnet and banking trojan. This makes it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
- ↔ XMRig – XMRig, released in May 2017, is an open source CPU miner software used to mine the Monero cryptocurrency.
- ↔ Formbook – Information stealer that collects credentials from various browsers, captures screenshots, monitors and logs keystrokes, and can download and execute instructions received from its C&C server.
Top 20 vulnerabilities in June 2021
This month, “HTTP Headers Remote Code Execution” was the most frequently exploited vulnerability, appearing in 48% of companies worldwide. This is followed by “MVPower DVR Remote Code Execution”, which appeared in 47.5% of organizations. In third place is “Dasan GPON Router Authentication Bypass”, with a global impact of 46%.
- ↑ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) – HTTP headers let the client and server transmit additional information with an HTTP request. A remote attacker could exploit a vulnerable HTTP header to execute arbitrary code on the victim’s machine.
- ↑ MVPower DVR Remote Code Execution – Remote code execution vulnerability in MVPower DVR devices. An attacker could exploit this vulnerability to execute arbitrary code on the affected router through a crafted request.
- ↑ Dasan GPON Router Authentication Bypass (CVE-2018-10561) – Authentication bypass vulnerability in Dasan GPON routers. If successfully exploited, remote attackers could gain access to sensitive information and gain unauthorized access to the affected system.
Top three mobile malware families in June 2021
This month, xHelper is the most common mobile malware, followed by Hiddad and XLoader.
- xHelper. The app, which appeared in March 2019, is used to download other malware and display ads. It can hide from the user and reinstall itself even if it is deleted.
- Hiddad. The Android-based malware repackages legitimate apps and then places them in a third-party store. Its main function is to display advertisements, but it can also gain access to key security details of the operating system.
- XLoader. Android spyware and banking trojan developed by the Yanbian Gang, a Chinese hacker group. The malware uses DNS spoofing to distribute infected Android apps, thus collecting personal and financial information.
The Check Point Global Threat Impact Index and ThreatCloud Map are based on Check Point ThreatCloud intelligence, the largest collaborative network in the fight against cybercrime, which provides threat data and attack trend information from a global network of sensors. The ThreatCloud database scans more than 3 billion websites and 600 million files daily and identifies more than 250 million malicious activities each day.
A complete list of the top 10 malware families in June 2021 can be found on the Check Point Blog.

