STOCK TITAN

October 2020’s Most Wanted Malware: Trickbot and Emotet Trojans Are Driving Spike in Ransomware Attacks

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

Check Point Research reveals that Trickbot and Emotet are the most prevalent malware in its Global Threat Index for October 2020. These trojans are primarily distributed as ransomware targeting the healthcare sector, with a reported 71% increase in attacks in the U.S. since September. The FBI has issued warnings regarding these threats, indicating over one million Trickbot infections worldwide. Additionally, vulnerabilities like MVPower DVR Remote Code Execution are being exploited, affecting 43% of organizations globally.

Positive
  • Highlighted increase in demand for cybersecurity solutions as ransomware attacks soar.
  • Positioning as a leader in providing cybersecurity intelligence, potentially increasing market reputation.
Negative
  • Ransomware attacks against healthcare organizations increased by 71%, indicating severe threats in their market segment.
  • Potential reputational risk due to high-profile vulnerabilities being exploited.

Check Point Research reports that Trickbot and Emotet top the Global Threat Index, and are being used for distributing ransomware against hospitals and healthcare providers globally

SAN CARLOS, Calif., Nov. 06, 2020 (GLOBE NEWSWIRE) -- Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for October 2020. Researchers reported that the Trickbot and Emotet trojans continue to rank as the top two most prevalent malware in October, and that the trojans have been responsible for the sharp increase in ransomware attacks against hospitals and healthcare providers globally.

The FBI and other U.S. government agencies recently issued a warning about ransomware attacks targeting the healthcare sector, warning that the estimated one million-plus Trickbot infections worldwide are being used to download and spread file-encrypting ransomware such as Ryuk. Ryuk is also distributed via the Emotet trojan, which remains in 1st place in the Top Malware Index for the fourth month in succession.

Check Point threat intelligence data showed that the healthcare sector was the most targeted by ransomware in the U.S. in October, with attacks increasing by 71% compared with September 2020. Similarly, ransomware attacks against healthcare organizations and hospitals in October increased by 36% in EMEA and 33% in APAC.

“We’ve seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organizations scrambled to support remote workforces. These have surged alarmingly over the past three months, especially against the healthcare sector, and are driven by pre-existing Trickbot and Emotet infections. We strongly urge healthcare organizations everywhere to be extra vigilant about this risk, and scan for these infections before they can cause real damage by being the gateway to a ransomware attack,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

The research team also warns that “MVPower DVR Remote Code Execution” is the most common exploited vulnerability, impacting 43% of organizations globally, followed by “Dasan GPON Router Authentication Bypass” and “HTTP Headers Remote Code Execution (CVE-2020-13756)” with both impacting 42% of organizations globally.

Top malware families
*The arrows relate to the change in rank compared to the previous month.

This month, Emotet remains the most popular malware with a global impact of 12% of organizations, followed by Trickbot and Hiddad which both impacted 4% of organizations worldwide.

  1. ↔ Emotet – Emotet is an advanced self-propagating, and modular trojan. Emotet was once used as a banking trojan, and recently has been used as a distributer of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

  2. ↔ Trickbot – Trickbot is a dominant banking trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi purposed campaigns.

  3. ↑ Hiddad – Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Top exploited vulnerabilities

This month “MVPower DVR Remote Code Execution” is the most common exploited vulnerability, impacting 43% of organizations globally, followed by “Dasan GPON Router Authentication Bypass” and “HTTP Headers Remote Code Execution (CVE-2020-13756)” with both impacting 42% of organizations globally.

  1. ↔ MVPower DVR Remote Code Execution – remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.

  2. ↔ Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability that exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system.

  3. HTTP Headers Remote Code Execution (CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.

Top Mobile Malwares

This month Hiddad is the most prevalent Mobile malware, followed by xHelper and Lotoor.

  1. Hiddad Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

  2. xHelper – xHelper is a malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisement. The application is capable of hiding itself from the user and reinstalling itself in case it is uninstalled.

  3. Lotoor – Lotoor is a hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.

The complete list of the top 10 malware families in October can be found on the Check Point Blog.

Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch

About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprise’s cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.

MEDIA CONTACT:INVESTOR CONTACT:
Emilie Beneitez LefebvreKip E. Meintzer
Check Point Software TechnologiesCheck Point Software Technologies
press@checkpoint.comir@us.checkpoint.com

FAQ

What malware topped the Global Threat Index for October 2020 according to Check Point?

Trickbot and Emotet were reported as the top malware in Check Point's Global Threat Index for October 2020.

How much did ransomware attacks against healthcare organizations increase in October 2020?

Ransomware attacks against healthcare organizations increased by 71% in the U.S. compared to September 2020.

What percentage of organizations were impacted by the MVPower DVR Remote Code Execution vulnerability?

The MVPower DVR Remote Code Execution vulnerability impacted 43% of organizations globally.

What are the main threats posed by Trickbot and Emotet?

Trickbot and Emotet are primarily used to distribute ransomware, targeting hospitals and healthcare providers globally.

Which organization issued warnings about ransomware attacks on the healthcare sector?

The FBI, along with other U.S. government agencies, issued warnings regarding ransomware attacks targeting the healthcare sector.

Check Point Software Technologies Ltd

NASDAQ:CHKP

CHKP Rankings

CHKP Latest News

CHKP Stock Data

20.86B
85.09M
22.63%
72.01%
2.89%
Software - Infrastructure
Technology
Link
United States of America
Tel Aviv