Coronavirus-themed Spam Spreads Emotet Malware

INDUSTRY.co.id - Singapore – The Threat Intelligence arm of Check Point Software Technologies Ltd. a leading provider of cyber security solutions globally, has published its latest Global Threat Index for January 2020. The research team reported that Emotet was the leading malware threat for the fourth month running, and was being spread during the month using a Coronavirus-themed spam campaign. 

The emails appear to be reporting where Coronavirus is spreading, or offering more information about the virus, encouraging the victim to open the attachments or click the links which, if opened, attempt to download Emotet on their computer. Emotet is primarily used as a distributor of ransomware or other malicious campaigns.

January also saw an increase in attempts to exploit the ‘MVPower DVR Remote Code Execution’ vulnerability, impacting 45% of organisations globally. This rose from being the third most exploited vulnerability in December to the top position this month. If successfully exploited, a remote attacker can exploit this weakness to execute arbitrary code on the targeted machine. 

“As with last month, the ‘most wanted’ malicious threats impacting organizations continue to be versatile malware such as Emotet, XMRig and Trickbot, which collectively hit over 30% of organisations worldwide,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

“Businesses need to ensure their employees are educated about how to identify the types of topical spam emails that are typically used to propagate these threats, and deploy security that actively prevents these threats from infecting their networks and leading to ransomware attacks or data exfiltration.”

Emotet is holding the 1st place impacting 13% of organisations globally, followed by XMRig and Trickbot impacting 10% and 7% of organisations worldwide respectively.

The “MVPower DVR Remote Code Execution” was the most common exploited vulnerability, impacting 45% of organisations globally, followed by “Web Server Exposed Git Repository Information Disclosure” with an impact of 44% and the “PHP DIESCAN information disclosure” vulnerability impacting 42%.