October 2022’s Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed
Check Point Research has revealed a significant rise in Lokibot attacks, which moved to third place among malware for the first time in five months. AgentTesla remained the most prevalent malware, affecting 7% of organizations globally. A new critical vulnerability, Text4Shell, impacting the Apache Commons Text library, was also disclosed. The Education/Research sector continues to be the most attacked industry, followed by Government/Military and Healthcare. The most commonly exploited vulnerabilities include Web Server Exposed Git Repository Information Disclosure, affecting 43% of organizations.
Check Point Research reports a significant increase in Lokibot attacks in October, taking it to third place for the first time in five months. New vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla took the top spot as the most prevalent malware
SAN CARLOS, Calif., Nov. 08, 2022 (GLOBE NEWSWIRE) -- Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has published its latest Global Threat Index for October 2022. This month saw keylogger AgentTesla take first place as the most widespread malware, impacting
Lokibot is a commodity infostealer designed to harvest credentials from a variety of applications, including web browsers, email clients and IT administration tools. As a trojan, its goal is to sneak undetected onto a system by masquerading as a legitimate program. It can be distributed through phishing emails, malicious websites, SMS, and other messaging platforms. Its rise in popularity can be explained by the increase in spam campaigns themed around online inquiries, orders, and payment confirmation messages.
October also saw disclosure of a new critical vulnerability, Text4Shell (CVE-2022-42889). Rooted in functionality of the Apache Commons Text library, it allows attacks over a network without the need for any specific privileges or user interaction. Text4Shell is reminiscent of the Log4Shell vulnerability, which, one year on, is still one of the major threats and ranks at number two in the October list. Although Text4Shell did not make the list of top vulnerabilities exploited this month, it has already impacted over
“We saw a lot of change in the rankings this month, with a new set of malware families making up the big three. It is interesting that Lokibot has climbed back to the third spot so quickly, which shows an increasing trend towards phishing attacks. As we head into November, which is a busy buying period, it is important that people remain vigilant and keep an eye out for suspicious emails that could be carrying malicious code. Be aware of signs such as an unfamiliar sender, request for personal information and links. If in doubt, visit websites directly and find the appropriate contact information from verified sources, and make sure you have malware protection installed,” said Maya Horowitz, VP Research at Check Point Software.
CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is the most common exploited vulnerability, impacting
Top Malware Families
*The arrows relate to the change in rank compared to the previous month.
AgentTesla was the most widespread malware this month impacting
- ↑ AgentTesla - AgentTesla is an advanced RAT functioning as a keylogger and information stealer. It is capable of monitoring and collecting the victim’s keyboard input and system clipboard, taking screenshots and exfiltrating credentials for a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
- ↑ SnakeKeylogger - SnakeKeylogger is a modular .NET keylogger and credential stealer first spotted in November 2020. Its primary function is to record users’ keystrokes and transmit the collected data to threat actors. It poses a major threat to users’ online safety, as this malware can steal all kinds of sensitive information and is particularly evasive.
- ↑ Lokibot - Lokibot is an info stealer distributed mainly by phishing emails and used to steal various data such as email credentials, as well as passwords to cryptocurrency wallets and FTP servers.
Top Attacked Industries Globally
In October, the Education/Research sector remained in first place as the most attacked industry globally, followed by Government/Military and Healthcare.
- Education/Research
- Government/Military
- Healthcare
Top exploited vulnerabilities
This month “Web Server Exposed Git Repository Information Disclosure” remains the most commonly exploited vulnerability, impacting
- ↔ Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git repositories exposed by web servers. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
- ↔ Apache Log4j Remote Code Execution (CVE-2021-44228) - A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
- ↑ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP header to run arbitrary code on the victim’s machine.
Top Mobile Malware
This month, Anubis held onto first place as the most prevalent mobile malware, followed by Hydra and Joker.
- Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities as well as various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
- Hydra – Hydra is a banking Trojan designed to steal finance credentials by requesting victims to enable dangerous permissions.
- Joker – Joker is an Android spyware in Google Play, designed to steal SMS messages, contact lists and device information. The malware can also sign the victim up for paid premium services without their consent or knowledge.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
The complete list of the top ten malware families in October can be found on the Check Point blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cybersecurity solutions to corporate enterprises and governments globally. Check Point Infinity’s portfolio of solutions protects enterprises and public organisations from 5th generation cyberattacks with an industry-leading catch rate of malware, ransomware and other threats. Infinity comprises four core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; Check Point Quantum, to protect network perimeters and datacenters; and Check Point Horizon, a prevention-first security operations suite, all controlled by the industry’s most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.
MEDIA CONTACT:
Emilie Beneitez Lefebvre
Check Point Software Technologies
press@checkpoint.com

INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
ir@us.checkpoint.com