December's Most Wanted Malware: Greta Thunberg-themed spam used to spread Emotet
Emotet was the leading malware threat for the third month in a row, according to Check Point's December 2019 Global Threat Index. The malware was spread via a range of email messages including 'Support Greta Thunberg - Time Person of the Year 2019' and 'Christmas Party!' Within the email was an attached malicious Microsoft Word document. If the recipient opened it, it would repeatedly try to download Emotet. Emotet is primarily used as a distributor of ransomware or other malicious campaigns.
Check Point's researchers also reported a sharp increase in exploits against the 'Command Injection Over HTTP' vulnerability, with 33% of global organizations being targeted. This vulnerability rose from being the fifth most exploited in November to the top position in December. If successfully exploited, the payload was a DDoS botnet: the malicious file used in the attack also contained a number of links to payloads exploiting vulnerabilities in several IoT devices from manufacturers including D-Link, Huawei and RealTek, with the aim of recruiting these devices into botnets, according to a Check Point press release.
"Over the past three months, the threats impacting most organizations have been versatile, multi-purpose malware like Emotet and xHelper," Maya Horowitz, director, threat intelligence & research, products at Check Point, said in the release. "These give cyber-criminals multiple options for monetizing attacks, as they can be used for distributing ransomware or spreading further spam campaigns. The aim for criminals is to get a foothold in as many organizations and devices as possible, so that subsequent attacks can be more lucrative and damaging."
December 2019's Top 3 'Most Wanted' Malware:
Emotet impacted 13% of organizations globally in December, up from 9% in November. XMRig and Trickbot each impacted 7% of organizations.
December's Top 3 'Most Wanted' Mobile Malware:
xHelper and Guerrilla remain in the top two positions of the mobile malware index.
December's 'Most Exploited' vulnerabilities:
'Command Injection Over HTTP' was the most commonly exploited vulnerability, with 33% of organizations around the world being impacted. Coming in second was the MVPower DVR Remote Code Execution vulnerability, with 32% of organizations impacted, and the Web Server Exposed Git Repository Information Disclosure impacted 29% of organizations.