SAN CARLOS, Calif., Dec. 13, 2022 (GLOBE NEWSWIRE) -- Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has published its latest Global Threat Index for November 2022. This month saw the return of Emotet, an ambitious Trojan malware that took a short-lived break over the summer period. Qbot moved into third place for the first time since July 2021, with a global impact of 4%, and there was a notable increase in Raspberry Robin attacks, a sophisticated worm that typically uses malicious USB drives to infect machines.
In July 2022, Check Point Research (CPR) reported a significant decrease in Emotet’s global impact and activity, suspecting its absence would only be temporary. As predicted, the self-propagating Trojan malware is now climbing the index again, reaching second place as the most widespread malware in November, with a 4% impact on organizations globally. While Emotet began as a banking trojan, its modular design has allowed it to evolve into a distributor for other types of malware, and it is commonly spread through phishing campaigns. Emotet’s increased prevalence could be partially attributed to a series of new malspam campaigns launched in November, which are designed to distribute IcedID banking trojan payloads.
Also, for the first time since July 2021, Qbot, a Trojan that steals banking credentials and keystrokes, reached the third spot on the top malware list, with a global impact of 4%. The threat actors behind the malware are financially motivated cybercriminals, stealing financial data, banking credentials, and web browser information from infected and compromised systems. Once Qbot threat actors succeed in infecting a system, they install a backdoor to grant access to ransomware operators, leading to double extortion attacks. November saw Qbot leveraging a Windows Zero-Day vulnerability to provide threat actors full access to infected networks.
This month also saw an increase in Raspberry Robin, a sophisticated worm that uses malicious USB drives containing Windows shortcut files that appear legitimate but in fact infect a victim’s machine. Microsoft found it has evolved from a widely distributed worm to an infecting platform for distributing malware, linked to other malware families and alternate infection methods beyond its original USB drive spread.
“While these sophisticated malwares can lie dormant during quieter periods, the last few weeks act as a stark reminder that they will not remain quiet for long. We cannot afford to become complacent, so it’s important that everyone remains vigilant when opening emails, clicking on links, visiting websites or sharing personal information,” said Maya Horowitz, VP Research at Check Point Software.
CPR also revealed that “Web Servers Malicious URL Directory Traversal” is the most commonly exploited vulnerability, impacting 46% of organizations globally, closely followed by “Web Server Exposed Git Repository Information Disclosure” with an impact of 45%. November also saw Education/Research remain in first place as the most attacked industry globally.
Top malware families
*The arrows relate to the change in rank compared to the previous month.
AgentTesla remains the most prevalent malware this month, impacting 6% of organizations worldwide, followed by new entries Emotet with a 4% impact and then Qbot with 4%.
Top Attacked Industries Globally
This month, Education/Research remains the most attacked industry globally, followed by Government/Military and then Healthcare.
Top exploited vulnerabilities
This month, “Web Servers Malicious URL Directory Traversal” is the most commonly exploited vulnerability, impacting 46% of organizations globally, followed by “Web Server Exposed Git Repository Information Disclosure” with an impact of 45%. “HTTP Headers Remote Code Execution” is still the third most used vulnerability with a global impact of 42%.
Top Mobile Malwares
This month Anubis remains the most prevalent Mobile malware, followed by Hydra and AlienBot.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
The complete list of the top ten malware families in November can be found on the Check Point blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cybersecurity solutions to corporate enterprises and governments globally. Check Point Infinity’s portfolio of solutions protects enterprises and public organisations from 5th generation cyberattacks with an industry leading catch rate of malware, ransomware, and other threats. Infinity comprises four core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industry’s most comprehensive, intuitive unified security management; Check Point Horizon, a prevention-first security operations suite. Check Point protects over 100,000 organizations of all sizes.
MEDIA CONTACT:
Emilie Beneitez Lefebvre
Check Point Software Technologies
press@checkpoint.com
INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
ir@us.checkpoint.com