Trickbot tops 'most wanted malware' list, again
Trickbot, a modular botnet and banking trojan, remains at the top of the most prevalent malware list, affecting 4% of entities worldwide. In addition, 'Apache HTTP Server Directory Traversal' has entered the top ten list of exploited vulnerabilities.
This was revealed by Check Point Research’s Global Threat Index for October 2021.
Trickbot not only steals financial details, account credentials, and personally identifiable information, but also spreads laterally within a network to drop ransomware.
Since Emotet, a highly professional and long-lasting cyber crime service, was taken down in January, Trickbot has featured at the top of the most widespread malware list five times.
Its authors are continually updating it with new capabilities, features and distribution vectors, which make it flexible and customisable and allow it to be distributed as part of multi-purpose campaigns.
A new vulnerability
'Apache HTTP Server Directory Traversal' is a new vulnerability which has entered the top ten list of exploited vulnerabilities for October.
When the flaw was first discovered, Apache's developers released fixes for CVE-2021-41773 in Apache HTTP Server 2.4.50. However, the patch was insufficient, and a directory traversal vulnerability still exists in Apache HTTP Server. Successful exploitation of this vulnerability could enable a bad actor to access arbitrary files on the affected system.
Maya Horowitz, VP of research at Check Point Software, says this vulnerability was only discovered early this month, and yet is already one of the top ten most exploited vulnerabilities globally, highlighting how fast attackers move.
“This vulnerability can lead threat actors to map URLs to files outside the expected document root by launching a path traversal attack,” she adds. “It’s imperative that Apache users have appropriate protection technologies in place.”
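As an added illustration (not code from Check Point or the Apache project), the following sketch shows one way a defender could flag access-log requests whose path, once percent-decoding is undone, climbs above the document root. The function names and the sample log lines are constructed for this example, and it is a generic traversal check rather than a signature for any one CVE.

```python
import re
from urllib.parse import unquote

# Matches client, method, target and status in an Apache common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_docroot(raw_target):
    """True if the decoded path climbs above the document root."""
    path = fully_decode(raw_target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # more ".." than directories entered
                return True
        else:
            depth += 1
    return False

def scan_access_log(lines):
    """Return (client, target, status) for requests that leave the root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and escapes_docroot(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Oct/2021:10:00:05 +0000] "GET /static/.%2e/%2e%2e/etc/hosts HTTP/1.1" 200 220',
    '192.0.2.10 - - [20/Oct/2021:10:00:09 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 1024',
    '203.0.113.4 - - [20/Oct/2021:10:00:12 +0000] "GET /a/%252e%252e/%252e%252e/secret HTTP/1.1" 403 199',
]
```

A flagged request that returned status 200 deserves review first, since the server answered it instead of rejecting it.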
Globally, she says one in every 61 organisations is impacted by ransomware every week, which is a shocking statistic. “Companies need to do more. Many attacks start with a simple email, so educating users on how to identify a potential threat is one of the most important defences an organisation can deploy.”
The company’s research also revealed that education and research top the list of most attacked industries globally, followed by communications and government or military.
'Web Servers Malicious URL Directory Traversal' is the most commonly exploited vulnerability, impacting 60% of businesses worldwide, followed by 'Web Server Exposed Git Repository Information Disclosure' which affects some 55%.
'HTTP Headers Remote Code Execution' comes next, with a global impact of 54%.