In April 2019, the banking trojan Trickbot re-appeared in the top ten most wanted malware list for the first time in almost two years. The multi-purpose trojan became April’s 8th most prevalent malware variant, returning with new capabilities, features and distribution vectors. Trickbot offers a high level of flexibility and customization, which enables it to be distributed as part of multi-purpose campaigns.
Trickbot was used in several campaigns in April timed to coincide with Tax Day in the USA. In the spam campaigns, attackers sent emails with Excel files attached, which downloaded Trickbot to victims’ computers. Once downloaded, Trickbot could spread inside the network and steal banking details and confidential tax documents for fraudulent use.
Although cryptominers still occupied the top three positions in the index, the remaining seven malware types in April’s top ten were multi-purpose trojans. This is especially concerning because they may be used not only to steal private data and credentials, but also for other nefarious purposes. In the past, for example, Emotet and Trickbot were also used to deliver the Ryuk ransomware. As these malware families constantly morph, enterprises must have a robust line of defense against them with advanced threat prevention.
April 2019’s Top 10 ‘Most Wanted’:
*The arrows relate to the change in rank compared to the previous month.
This month Triada is the most prevalent mobile malware, replacing Hiddad in first place in the top mobile malware list. Lootor remains in second place, and Hiddad falls to third.
April’s Top 3 ‘Most Wanted’ Mobile Malware:
Check Point’s researchers also analyzed the most exploited cyber vulnerabilities. The OpenSSL TLS DTLS Heartbeat Information Disclosure vulnerability was the most commonly exploited, with a global impact of 44% of organizations worldwide. For the first time in 12 months, CVE-2017-7269 dropped from first place to second, impacting 40% of organizations, followed by CVE-2017-5638 with a global impact of 38% of organizations around the world.
April’s Top 3 ‘Most Exploited’ vulnerabilities:
The map below displays the risk index globally (green – low risk, red – high risk, grey – insufficient data), demonstrating the main risk areas and malware hot-spots around the world.