STOCK TITAN

November 2020’s Most Wanted Malware: Notorious Phorpiex Botnet Returns As Most Impactful Infection

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

Check Point Research has released its latest report highlighting a significant uptick in cyber attacks utilizing the Phorpiex Botnet, primarily distributing the Avaddon ransomware.

In November 2020, Phorpiex impacted 4% of organizations globally, marking it as the month’s most prevalent malware. The report also identifies the HTTP Headers Remote Code Execution (CVE-2020-13756) as the most commonly exploited vulnerability, affecting 54% of firms worldwide. Companies are urged to enhance protection measures and employee awareness to combat these threats.

Positive
  • Phorpiex botnet identified as the most prevalent malware in November, impacting 4% of organizations globally.
  • Check Point's threat intelligence provides vital information for cybersecurity improvements.
Negative
  • Significant threat from Avaddon ransomware being distributed, indicating increased risk for organizations.
  • 54% of organizations affected by the HTTP Headers Remote Code Execution vulnerability.

Check Point Research reports new surge in attacks using the Phorpiex Botnet delivering the Avaddon ransomware in malicious spam campaigns

SAN CARLOS, Calif., Dec. 09, 2020 (GLOBE NEWSWIRE) -- Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for November 2020, showing a new surge in infections by the well-known Phorpiex botnet which has made it the month’s most prevalent malware, impacting 4% of organizations globally.  Phorpiex was last seen in the Threat Index’s top 10 in June this year. 

The Phorpiex botnet was first reported in 2010, and at its peak controlled more than a million infected hosts. Known for distributing other malware families via spam as well as fueling large-scale “sextortion” spam campaigns and cryptomining, Phorpiex has again been distributing the Avaddon ransomware, as Check Point researchers originally reported earlier this year.  Avaddon is a relatively new Ransomware-as-a-Service (RaaS) variant, and its operators have again been recruiting affiliates to distribute the ransomware for a cut of the profits. Avaddon has been distributed via JS and Excel files as part of malspam campaigns and is able to encrypt a wide range of file types.

“Phorpiex is one of the oldest and most persistent botnets, and has been used by its creators for many years to distribute other malware payloads such as GandCrab and Avaddon ransomware, or for sextortion scams. This new wave of infections is now spreading another ransomware campaign, which shows just how effective a tool Phorpiex is,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point. “Organizations should educate employees about how to identify potential malspam and to be wary of opening unknown attachments in emails, even if they appear to come from a trusted source. They should also ensure they deploy security that actively prevents them from infecting their networks.”

The research team also warns that “HTTP Headers Remote Code Execution (CVE-2020-13756)” is the most common exploited vulnerability, impacting 54% of organizations globally, followed by “MVPower DVR Remote Code Execution” impacted 48% of organizations worldwide and “Dasan GPON Router Authentication Bypass (CVE-2018-10561) impacted 44% of organizations globally.

Top malware families
*The arrows relate to the change in rank compared to the previous month.

This month, Phorpiex is the most popular malware with a global impact of 4% of organizations, closely followed by Dridex and Hiddad which both impacted 3% of organizations worldwide.  

  1. ↑ Phorpiex – Phorpiex is a botnet known for distributing other malware families via spam campaigns as well as fueling large scale Sextortion campaigns.
  2. ↑ Dridex - Dridex is a Trojan that targets the Windows platform and is reportedly downloaded via a spam email attachment. Dridex contacts a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.
  3. Hiddad – Hiddad is an Android malware infection which repackages legitimate mobile apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Top exploited vulnerabilities

This month HTTP Headers Remote Code Execution (CVE-2020-13756)” is the most common exploited vulnerability, impacting 54% of organizations globally, followed by “MVPower DVR Remote Code Execution” impacted 48% of organizations worldwide and “Dasan GPON Router Authentication Bypass (CVE-2018-10561) impacted 44% of organizations globally.

  1. HTTP Headers Remote Code Execution (CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.

  2. MVPower DVR Remote Code Execution – remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.

  3.  Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability that exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system.

Top Mobile Malwares

This month Hiddad remains the most prevalent Mobile malware, followed by xHelper and Lotoor.

  1. Hiddad Hiddad is an Android malware infection which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

  2. xHelper – xHelper is a malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisement. The application is capable of hiding itself from the user and reinstalling itself in case it is uninstalled.

  3. Lotoor Lotoor is a hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.

The complete list of the top 10 malware families in November can be found on the Check Point Blog.
  
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch

About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally.  Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprise’s cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.

MEDIA CONTACT:
Emilie Beneitez Lefebvre
Check Point Software Technologies
press@checkpoint.com
                            INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
ir@us.checkpoint.com
   

FAQ

What recent malware has Check Point Research reported on?

Check Point Research recently reported a surge in infections by the Phorpiex botnet.

How many organizations were impacted by the Phorpiex botnet?

The Phorpiex botnet impacted 4% of organizations globally in November 2020.

What is the most common exploited vulnerability according to Check Point?

The most common exploited vulnerability was the HTTP Headers Remote Code Execution (CVE-2020-13756), affecting 54% of organizations.

What type of ransomware is distributed by the Phorpiex botnet?

The Phorpiex botnet is distributing the Avaddon ransomware.

What should organizations do to protect against the Phorpiex botnet?

Organizations are advised to educate employees on identifying malspam and deploy security measures to prevent infections.

Check Point Software Technologies Ltd

NASDAQ:CHKP

CHKP Rankings

CHKP Latest News

CHKP Stock Data

20.98B
85.09M
22.63%
72.01%
2.89%
Software - Infrastructure
Technology
Link
United States of America
Tel Aviv