Formbook Takes the Throne as Most Prevalent Malware

September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown, reveals Check Point.

Check Point’s Global Threat Index for September 2023, released on October 6th, revealed that Education and Research remain the top targeted industries in September 2023.

The cybersecurity researchers at Check Point have released their Global Threat Index for September 2023, revealing significant shifts in the cyber threat landscape. The report highlights a notable phishing campaign that targeted numerous organizations in Colombia, resulting in the surge of the Remcos Remote Access Trojan (RAT), and the rise of Formbook as the most prevalent malware following the demise of Qbot.

Here, it’s worth noting that Qbot, also known as Qakbot and Pinkslipbot malware, faced disruption by the FBI in August 2023, having infected 700,000 computers globally. Despite this disruption, a recent report from Cisco Talos Intelligence Group reveals that the cybercriminals responsible for Qbot remain active, now distributing a new malware known as Ransom Knight.

Colombia Under Attack: Remcos RAT Unleashed

In September, Check Point Research uncovered a large-scale phishing campaign aimed at over 40 prominent businesses across various industries in Colombia. The primary objective of this campaign was to surreptitiously deploy the Remcos RAT on victims’ computers.

Remcos, ranked as the second most prevalent malware in September, is a sophisticated Remote Access Trojan that offers attackers full control over infected systems and versatile malicious capabilities. The consequences of a Remcos infection are dire, encompassing data theft, subsequent malware infections, and account takeovers.

Maya Horowitz, VP of Research at Check Point Software, stated, “The campaign that we uncovered in Colombia offers a glimpse into the intricate world of evasion techniques employed by attackers. It is also a good illustration of how invasive these techniques are and why we need to employ cyber resilience to guard against a variety of attack types.”

Formbook Takes the Throne

The September Global Threat Index also revealed a noteworthy shift in the top malware rankings. Formbook, an infostealer targeting Windows OS, claimed the number one spot with a global impact of 3% on organizations worldwide.

First detected in 2016, Formbook data stealer is marketed as Malware as a Service (MaaS) in underground hacking forums for its potent evasion techniques and relatively low price. Its capabilities include harvesting credentials from web browsers, capturing screenshots, logging keystrokes, and executing files on the attacker’s command.

Qbot’s Reign Ends?

The most significant change in the malware landscape was the exit of Qbot from the top malware list. The FBI had seized control of the Qbot botnet in August, marking the end of its long-standing reign as the most prevalent malware throughout most of 2023.

However, as the group responsible for Qbot is still active and already disseminating new malware, the significance of the disruption of the malware’s infrastructure may have somewhat diminished.

Top Attacked Industries and Vulnerabilities

In terms of attacked industries globally, Education/Research remained the top target, followed by Communications and Government/Military. These sectors continue to face relentless cyber threats.

Regarding exploited vulnerabilities, “Web Servers Malicious URL Directory Traversal” took the top spot, affecting 47% of organizations worldwide. This vulnerability allows unauthenticated remote attackers to access arbitrary files on vulnerable servers. “Command Injection Over HTTP” followed closely with 42%, and “Zyxel ZyWALL Command Injection” was at 39% in terms of impact.

Malware Attacks Against Smartphones

In the mobile malware arena, Anubis retained its position as the most prevalent mobile malware, followed by AhMyth and SpinOk. Anubis, initially a banking Trojan, has evolved to include Remote Access Trojan (RAT) functionality, keylogging, audio recording capabilities, and ransomware features.

AhMyth, discovered in 2017, is another RAT, distributed through Android apps, that collects sensitive information from infected devices. SpinOk, operating as spyware, was found in over 100 Android apps, amassing more than 421 million downloads as of May 2023.

As cybersecurity threats continue to evolve, organizations must remain vigilant and proactive in implementing robust cybersecurity measures to protect against the ever-present dangers of malware and vulnerabilities.
