Education, transport and government among most cyber-attacked
Check Point has published its Global Threat Index for December 2022, which shows a resurgence of Glupteba malware and heightened activity for Qbot, a sophisticated Trojan that steals banking credentials and keystrokes. Qbot has overtaken Emotet to be the most prevalent malware, impacting around 7% of organisations worldwide.
Google had previously managed to disrupt Glupteba in December 2021, according to Check Point, but the botnet has reared its head again. Glupteba is designed to steal user credentials and session cookies from infected machines, allowing access to a user's online accounts or other systems. As a modular malware variant, it is capable of achieving multiple objectives. The botnet is often used as a downloader and dropper for other malware, meaning an infection could lead to a further problem such as ransomware infection, a data breach or another security incident. Glupteba is also capable of carrying out cryptomining functions, draining resources to mine blocks.
"The overwhelming theme from our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look," said Maya Horowitz, VP Research at Check Point Software.
Top malware families in Australia
- Qbot, also known as Qakbot, is a banking Trojan that first appeared in 2008. It was designed to steal a user's banking credentials and keystrokes. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging and anti-sandbox techniques to hinder analysis and evade detection.
- Emotet is an advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan and has more recently been used as a distributor for other malware or malicious campaigns. It uses multiple persistence methods and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
- XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims' devices.
Top attacked industries in Australia
December 2022 adhered to the recent trendline, with education and research sitting at the top of the most attacked industries in Australia, followed by transport, government and military.
Top exploited vulnerabilities
In December, Web Server Exposed Git Repository Information Disclosure was the most commonly exploited vulnerability, impacting 46 percent of organisations globally, followed by Web Servers Malicious URL Directory Traversal with 44 percent of organisations impacted worldwide. Command Injection Over HTTP was the third most exploited vulnerability, with a global impact of 43 percent.