According to Check Point threat intelligence data, the U.S. healthcare sector became the largest target of ransomware attacks in October, with the number of attacks increasing by 71% compared with September 2020.

2025/07/07 20:55:37 hotcomm

Trickbot and Emotet remained rampant in October, and these two malware families have driven the sharp increase in ransomware attacks on hospitals and healthcare providers around the world. A joint advisory from U.S. government agencies (CISA, the FBI and HHS) on ransomware attacks against the healthcare sector warned that an estimated one million Trickbot infections worldwide are being used to download and spread file-encrypting ransomware such as Ryuk. Ryuk is also distributed through the Emotet Trojan, which ranked first in the Top Malware Index for the fourth consecutive month.

According to Check Point threat intelligence data, the U.S. healthcare sector became the most-targeted industry for ransomware attacks in October, with the number of attacks rising 71% compared with September 2020. Over the same period, ransomware attacks against healthcare organizations and hospitals in Europe, the Middle East and Africa rose by 36%, and in the Asia-Pacific region by 33%.

Since the coronavirus pandemic began, ransomware attacks have increased as attackers try to exploit the security gaps opened while organizations scramble to support remote employees. Attacks have spiked sharply in the past three months, especially in the healthcare sector, and the spike is driven by pre-existing Trickbot and Emotet infections. Healthcare organizations should treat this risk with particular vigilance and scan for these infections before they become the entry point for a ransomware attack, so the actual damage can be prevented.


October 2020 Top 10 Malware Families

* Arrows indicate the change in ranking compared with the previous month.

This month Emotet remains the most prevalent malware, affecting 12% of organizations worldwide, followed by Trickbot and Hiddad in joint second place, each affecting 4% of the organizations sampled worldwide.

1, ↔ Emotet – Emotet is an advanced, self-propagating modular banking Trojan that has recently been used as a distribution tool for other malware and malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection, and it is also spread through phishing spam emails containing malicious attachments or links.

2, ↔ Trickbot – Trickbot is a dominant banking Trojan that is constantly updated with new capabilities, features and distribution vectors. This makes Trickbot a flexible, customizable malware that can be distributed as part of multi-purpose campaigns.

3, Hiddad – Hiddad is an Android malware that repackages legitimate applications and then releases them to third-party stores. Its main function is to display ads, but it can also gain access to key security details built into the operating system.

4, Dridex – Dridex is a Trojan that targets the Windows platform and is distributed through spam attachments. Dridex contacts a remote server, sends information about the infected system, and can download and execute arbitrary modules received from that server.

5, ↑ Formbook – Formbook is an information stealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to commands from its C&C server.

6, ↔ Qbot – Qbot is a banking Trojan that first appeared in 2008, designed to steal users' banking credentials and keystrokes. Qbot is typically distributed via spam and uses a variety of anti-VM, anti-debugging and anti-sandbox techniques to hinder analysis and evade detection.

7, ↓ XMRig – XMRig is open-source CPU mining software used to mine the Monero cryptocurrency; threat actors abuse it by bundling it into malware that mines on victims' devices. It was first seen in the wild in May 2017.

8, ↑ Zloader – Zloader is an iteration of the infamous Zeus banking malware. It uses web injects to steal credentials, passwords, cookies and other sensitive information in web browsers from customers of banks and financial institutions. An attacker can connect to the infected system through a VNC client and use the victim's device to carry out fraudulent transactions.

9, ↑ xHelper – xHelper is a malicious application seen in the wild since March 2019, used to download other malicious applications and display advertising. The application can hide itself from the user and reinstall itself after it is uninstalled.

10, ↓ Ramnit – Ramnit is a banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.

October 2020 Top 10 Exploited Vulnerabilities


This month, MVPower DVR Remote Code Execution is the most commonly exploited vulnerability, affecting 43% of organizations sampled globally, followed by Dasan GPON Router Authentication Bypass and HTTP Headers Remote Code Execution (CVE-2020-13756), each affecting 42% of organizations sampled globally.

1, ↔ MVPower DVR Remote Code Execution – A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit it with a crafted request to execute arbitrary code on the affected device.

2, ↔ Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation allows a remote attacker to obtain sensitive information and gain unauthorized access to the affected system.

3, ↑ HTTP Headers Remote Code Execution (CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP header to run arbitrary code on the victim machine.

4, ↑ Draytek Vigor Command Injection (CVE-2020-8515) – A command injection vulnerability exists in Draytek Vigor routers. Successful exploitation allows a remote attacker to execute arbitrary code on the affected system.

5, OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160, CVE-2014-0346) – An information disclosure vulnerability exists in OpenSSL. It is caused by an error in handling TLS/DTLS heartbeat packets: the length field inside the heartbeat message is trusted without being checked against the size of the record that actually arrived. An attacker can exploit it to disclose memory contents of a connected client or server.

6, ↑ WordPress Portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469) – An authentication bypass vulnerability exists in the WordPress Portable-phpMyAdmin plugin. Successful exploitation allows a remote attacker to obtain sensitive information and gain unauthorized access to the affected system.

7, Git Repository Information Disclosure via Web Server – An information disclosure vulnerability has been reported in Git repositories exposed by web servers. Successful exploitation may lead to unintentional disclosure of account information.

8, SQL Injection (several techniques) – Inserting SQL query fragments into input sent from the client to the application, exploiting a security vulnerability in the application's software: the application concatenates the input into the query text instead of passing it as a bound parameter.

9, ↑ w00tw00t Security Scanner – w00tw00t is a vulnerability scanner. Remote attackers use it to probe a target server for vulnerabilities; its requests are recognizable in web-server access logs by the string "w00tw00t.at.ISC.SANS.DFind:)" in the request path.

10, ↑ PHP DIESCAN Information Disclosure – An information disclosure vulnerability has been reported in PHP pages. Successful exploitation could lead to the disclosure of sensitive information from the server.
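The Heartbeat entry (item 5) describes the bug only as "an error in handling TLS/DTLS heartbeat packets". The following Python block is an added illustration, not Check Point's or OpenSSL's code: it builds RFC 6520 heartbeat records, models the unpatched server logic that copied as many bytes as the message's own length field claimed, and sets the bounds check that the fix introduced beside it. The bytes in ADJACENT_HEAP, which stand in for whatever sat next to the heartbeat buffer in process memory, are constructed sample data.

```python
import struct
from typing import Optional

# Constants from RFC 6520 (heartbeat extension) and TLS 1.2.
HEARTBEAT_CONTENT_TYPE = 24
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16          # RFC 6520 requires at least 16 bytes of padding
TLS_1_2 = 0x0303

# Constructed stand-in for whatever happened to follow the heartbeat buffer on the heap.
ADJACENT_HEAP = b"Cookie: session=deadbeef; -----BEGIN RSA PRIVATE KEY-----MIIEow..."


def build_heartbeat_request(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Build a TLS heartbeat record. `declared_len` lets the caller lie about the
    payload length, which is exactly what a Heartbleed probe does."""
    if declared_len is None:
        declared_len = len(payload)
    body = struct.pack("!BH", HB_REQUEST, declared_len) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, TLS_1_2, len(body)) + body


def vulnerable_reply(heap: bytes, rec_len: int) -> bytes:
    """Models the unpatched handler: trust the 2-byte payload_length inside the
    message and copy that many bytes from right after it, never comparing it with
    the number of bytes the record actually carried (rec_len is ignored)."""
    _, payload_len = struct.unpack("!BH", heap[:3])
    echoed = heap[3:3 + payload_len]            # runs past the record: the leak
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * MIN_PADDING


def patched_reply(heap: bytes, rec_len: int) -> Optional[bytes]:
    """The fix: bounds-check the declared payload against the record length before
    copying, and silently drop malformed heartbeats."""
    if rec_len < 1 + 2 + MIN_PADDING:           # type + length + minimum padding
        return None
    _, payload_len = struct.unpack("!BH", heap[:3])
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return None
    echoed = heap[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * MIN_PADDING


def handle_record(record: bytes, adjacent: bytes, patched: bool) -> Optional[bytes]:
    """Dispatch one TLS record to the vulnerable or patched heartbeat handler.
    `adjacent` models the bytes that follow the record in process memory."""
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HEARTBEAT_CONTENT_TYPE:
        raise ValueError("not a heartbeat record")
    heap = record[5:5 + rec_len] + adjacent
    return (patched_reply if patched else vulnerable_reply)(heap, rec_len)


def demo():
    """Send a Heartbleed-style probe (2-byte payload, 16384 declared) to both handlers,
    plus an honest heartbeat to the patched one. Returns (leaked, dropped, honest)."""
    probe = build_heartbeat_request(b"hi", declared_len=0x4000)
    leaked = handle_record(probe, ADJACENT_HEAP, patched=False)
    dropped = handle_record(probe, ADJACENT_HEAP, patched=True)
    honest = handle_record(build_heartbeat_request(b"ping"), ADJACENT_HEAP, patched=True)
    return leaked, dropped, honest


if __name__ == "__main__":
    leaked, dropped, honest = demo()
    print("vulnerable server leaked private key material:", b"PRIVATE KEY" in leaked)
    print("patched server reply to the probe:", dropped)
    print("patched server echoes an honest ping:", honest[3:7])
```

The check that matters is the single comparison in patched_reply: the declared payload plus the fixed header and minimum padding must fit inside the record length the TLS layer already knows. A heartbeat that fails the check is discarded rather than answered, so the probe gets nothing back.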
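Item 8 lists "SQL injection (several techniques)" without showing what the techniques look like. The block below is an added example, not part of the Check Point report: it runs three common injection inputs (a tautology, a comment that truncates the query, and a UNION that reads a different table) against a login query that concatenates user input, and against the same query written with bound parameters. The database schema and its rows are constructed sample data held in an in-memory SQLite database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a users table and a second table the attacker
    should never be able to read through the login form."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users(username, password, role) VALUES
          ('admin', 'c0rrect-h0rse', 'admin'),
          ('alice', 'wonderland', 'user');
        CREATE TABLE api_keys(owner TEXT, key TEXT);
        INSERT INTO api_keys VALUES ('admin', 'AKIA-constructed-example-key');
    """)
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The flaw: client input is spliced into the SQL text, so a quote in the input
    ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The fix: the query text is fixed; the driver sends the input as data bound
    to the ? placeholders, so it can never be parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Three of the "several techniques": each (username, password) pair is attacker input.
PAYLOADS = {
    # Tautology: OR 1=1 makes the WHERE clause true for every row; -- drops the password check.
    "tautology": ("x' OR 1=1--", "anything"),
    # Comment truncation: log in as a chosen user, the password clause is commented out.
    "comment":   ("admin'--", "anything"),
    # UNION: append a second SELECT with the same column count to read another table.
    "union":     ("x' UNION SELECT owner, key FROM api_keys--", "anything"),
}


def demo() -> dict:
    """Return {technique: (rows from vulnerable query, rows from parameterized query)}."""
    conn = make_db()
    return {name: (vulnerable_login(conn, u, p), safe_login(conn, u, p))
            for name, (u, p) in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (vuln_rows, safe_rows) in demo().items():
        print(f"{name:10s} vulnerable -> {vuln_rows}")
        print(f"{name:10s} parameterized -> {safe_rows}")
```

Run as a script, the concatenated query returns both user rows for the tautology, the admin row for the comment payload, and the API key for the UNION payload, while the parameterized query returns no rows for any of them. Note one database-specific detail: Python's sqlite3 refuses to run more than one statement per execute() call, so stacked-query injection ("'; DROP TABLE users;--") fails here but would succeed against drivers and databases that allow it.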

October 2020 Top 3 Mobile Malware

This month Hiddad, xHelper and Lotoor occupy the first three places in the mobile malware ranking.

1, Hiddad – Hiddad is an Android malware that repackages legitimate applications and then releases them to third-party stores. Its main function is to display ads, but it can also gain access to key security details built into the operating system.

2, xHelper – A malicious application seen in the wild since March 2019, used to download other malicious applications and display advertising. The application can hide itself from the user and reinstall itself after it is uninstalled.

3, Lotoor – Lotoor is a hacking tool that exploits vulnerabilities in the Android operating system to obtain root privileges on compromised mobile devices.
