
IcedID banking Trojan joins most wanted list

By Staff Writer, ITWeb
Johannesburg, 14 Apr 2021

The IcedID banking Trojan has entered the global malware index for the first time, taking second place, after exploiting the COVID-19 pandemic to lure new victims.

This was one of the findings of Check Point’s Global Threat Index for March this year. According to the company’s researchers, while IcedID entered the index for the first time, the established Dridex Trojan was the most prevalent malware during the month, up from seventh place in February.

First seen in 2017, IcedID spread rapidly during March via several spam campaigns and affected 11% of organisations worldwide. One widespread campaign that helped IcedID move up the rankings used a COVID-19 theme to lure victims into opening malicious email attachments.

Spreading like wildfire

IcedID also spreads via other malware, and has itself been used as the initial infection stage in several ransomware operations.

Maya Horowitz, director, Threat Intelligence & Research, Products at Check Point, said although this Trojan has been around for a few years, it is now being widely used, showing that bad actors are constantly adapting their techniques to exploit organisations, using the pandemic as a lure.

“IcedID is a particularly evasive Trojan that uses a range of techniques to steal financial data, so organisations must ensure they have robust security systems in place to prevent their networks being compromised and minimise risks,” she added. “Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails that spread IcedID and other malware.”

Most exploited vulnerabilities

Check Point Research also cautioned that “HTTP Headers Remote Code Execution (CVE-2020-13756)” was the most commonly exploited vulnerability, impacting 45% of organisations globally, followed by “MVPower DVR Remote Code Execution”, which impacted 44% of organisations.

Dasan GPON Router Authentication Bypass (CVE-2018-10561) took third place in the list of top exploited vulnerabilities, also with a worldwide impact of 44%.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, a collaborative network aimed at fighting cyber crime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily, and identifies more than 250 million malware activities every day.