Education, transport and government among most cyber-attacked


Monday, 30 January, 2023

Check Point has published its Global Threat Index for December 2022, which shows a resurgence of Glupteba malware and heightened activity for Qbot, a sophisticated Trojan that steals banking credentials and keystrokes. Qbot has overtaken Emotet to be the most prevalent malware, impacting around 7% of organisations worldwide.

According to Check Point, Google had previously managed to disrupt Glupteba in December 2021, but the malware has reared its head again. Glupteba is designed to steal user credentials and session cookies from infected machines, allowing access to a user's online accounts or other systems. As a modular malware variant, it is capable of achieving multiple objectives. The botnet is often used as a downloader and dropper for other malware, meaning an infection could lead to further incidents, including ransomware infection, a data breach or another security incident. Glupteba is also capable of carrying out cryptomining functions, draining resources to mine blocks.

"The overwhelming theme from our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look," said Maya Horowitz, VP Research at Check Point Software.

Top malware families in Australia

  • Qbot AKA Qakbot is a banking Trojan that first appeared in 2008. It was designed to steal a user's banking credentials and keystrokes. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging and anti-sandbox techniques to hinder analysis and evade detection.
  • Emotet is an advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan and has more recently been used as a distributor for other malware or malicious campaigns. It uses multiple methods to maintain persistence, along with evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
  • XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims' devices.

Top attacked industries in Australia

December 2022 adhered to the recent trendline, with education and research sitting at the top of the most attacked industries in Australia, followed by transport, government and military.

Top exploited vulnerabilities

In December, Web Server Exposed Git Repository Information Disclosure was the most commonly exploited vulnerability, impacting 46 percent of organisations globally, followed by Web Servers Malicious URL Directory Traversal, with 44 percent of organisations impacted worldwide. Command Injection Over HTTP was the third most exploited vulnerability, with a global impact of 43 percent.

