The Remcos Trojan has returned to the top 10 list (in eighth place) of most wanted malware by Check Point Software for the first time since December 2022.
According to the latest report published by the company earlier today, threat actors used Remcos extensively in February to target Ukrainian government entities through phishing attacks.
The research document also explains that, overall, weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023.
“While there has been a decrease in the number of politically motivated attacks on Ukraine, they continue to be a battleground for cyber-criminals,” explained Maya Horowitz, VP of research at Check Point Software, commenting on the report’s findings.
“Hacktivism has typically been high on the agenda for threat actors since the Russo-Ukrainian war began, and most have favored disruptive attack methods such as DDoS to garner the most publicity.”
Horowitz added that recent attacks against Ukrainian targets used a more traditional attack route, such as phishing scams, to get information and extract data.
“It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails. Do not download attachments without scanning the properties first. Avoid clicking on links within the body of the email, and check the sender address for any abnormalities such as additional characters or misspellings.”
Qbot retained its top position in the list, followed by the Formbook infostealer and the notorious Emotet trojan – both of which climbed ranks compared to Check Point’s January report.
Banking trojan Anubis also retained its position as top mobile malware, followed by Hiddad (a malware tool designed to repackage apps with added advertisements) and the AhMyth RAT.
The vulnerability most exploited in the wild in February was the web server malicious URL directory traversal, replacing the web server flaw that exposed GitHub repository information in October 2022. The Apache Log4j remote code execution vulnerability (CVE-2021-44228) took the third spot.
Some parts of this article are sourced from:
www.infosecurity-journal.com