INDUSTRY.co.id - Singapore – Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for March 2020. 

The well-known banking trojan Dridex, which first appeared in 2011, has entered the top ten malware list for the first time, as the third most prevalent malware in March. Dridex has been updated and is now being used in the early attack stages for downloading targeted ransomware, such as BitPaymer and DoppelPaymer.  

The sharp increase in the use of Dridex was driven by several spam campaigns containing a malicious Excel file which downloads Dridex malware into the victim’s computer. This upsurge in Dridex malware highlights just how quickly cyber-criminals change the themes of their attacks to try and maximise infection rates. 

Dridex is a sophisticated strain of banking malware that targets the Windows platform. It spreads through spam campaigns to infect computers and steal banking credentials and other personal information to facilitate fraudulent money transfers. The malware has been systematically updated and developed over the past decade.

XMRig remains in 1st place in the Index of top malware families, impacting 5% of organisations globally, followed by Jsecoin and Dridex which impacted 4% and 3% of organisations worldwide respectively. 

“Dridex appearing for the first time as one of the top malware families shows how quickly cybercriminals can change their methods,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “This kind of malware can be very lucrative for criminals given its sophistication, and is now being used as a ransomware downloader, which makes it even more dangerous than previous variants. So, individuals need to be wary of emails with attachments, even if they appear to originate from a trusted source - especially with the explosion in home working over the past few weeks. Organisations need to be educating employees on how to identify malicious spam, and deploy security measures that help protect their teams and networks against such threats.”

The research team also warns that “MVPower DVR Remote Code Execution” remained the most commonly exploited vulnerability, impacting 30% of organisations globally, closely followed by “PHP php-cgi Query String Parameter Code Execution” with a global impact of 29%, and then “OpenSSL TLS DTLS Heartbeat Information Disclosure”, impacting 27% of organisations worldwide.
