Check Point’s researchers also report an increase in exploits of the ‘MVPower DVR Remote Code Execution’ vulnerability, impacting 45% of organizations globally
While the threat of Coronavirus grabs the attention of the world, our latest Global Threat Index for January 2020 shows cyber-criminals are also exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus.
The most prominent Coronavirus-themed campaign targeted Japan, distributing Emotet – the leading malware type for the 4th month running – in malicious email attachments purporting to be sent by a Japanese disability welfare service provider. The emails appear to report where the infection is spreading in several Japanese cities, encouraging the victim to open the document which, if opened, attempts to download Emotet onto their computer.
The January report also identified a malicious Lokibot sample – the 8th most popular malware this month – targeting Indonesia, with emails sent about how people in Indonesia can best protect themselves against the virus. Alongside the malicious Coronavirus spam campaigns, which we expect to become even more widely spread over the coming days, our research shows there has also been a surge in scam websites using Coronavirus in their domain names, allegedly selling vaccinations against the virus.
January also saw an increase in attempts to exploit the “MVPower DVR Remote Code Execution” vulnerability, impacting 45% of organizations globally. This rose from being the 2nd most exploited vulnerability in December to the top position this month. The “Web Server Git Repository Information Disclosure” follows closely behind, with a global impact of 44%, rising from 3rd position to 2nd position this month.
Over the past four months, the top threats have remained the same versatile, multi-purpose malware families, including Emotet, XMRig, and Trickbot. Collectively, these top three malware types impact 30% of organizations globally. These attacks can be extremely damaging, leaving organizations vulnerable to data theft, extortion or operational disruption. Employees should be educated about the risks of opening, downloading or clicking on external documents that do not come from trusted sources or contacts.
*The arrows relate to the change in rank compared to the previous month.
This month the top three malware families remained the same as in the previous month – Emotet retains 1st place, impacting 13% of organizations globally, followed by XMRig and Trickbot, impacting 10% and 7% of organizations worldwide respectively.
This month “MVPower DVR Remote Code Execution” was the most commonly exploited vulnerability, impacting 45% of organizations globally, closely followed by “Web Server Exposed Git Repository Information Disclosure” with a global impact of 44%. In 3rd place was the “PHP DIESCAN information disclosure” vulnerability, impacting 42% of organizations worldwide.
This month xHelper retains 1st place among the most prevalent mobile malware, followed by Guerilla and AndroidBauts.
Originally posted on the Check Point Blog