
Check Point's December Cyber Threat Index
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global provider of cyber security solutions, has published its latest Cyber Threat Index for December. Researchers note that a spam campaign which hit more than 100,000 users per day over the holiday period has returned Emotet to the top of the malware ranking, affecting 7% of organizations worldwide.
Below are the top 10 malware families in Hong Kong for December. The global ranking list can be viewed here.
- Emotet held the top spot in the Global Threat Index throughout September and October 2020 and was closely linked to ransomware attacks. In November, however, its activity dropped noticeably and it fell to 5th place in the index.
- Researchers report that the trojan has been updated with new malicious payloads and improved detection-evasion capabilities: the latest version creates a dialog box that helps it evade detection by the user. Emotet's new malspam campaign uses a variety of delivery techniques to spread Emotet, including embedded links, document attachments and password-protected archive files.
- Emotet was first discovered in 2014 and is updated regularly by its developers to keep its malicious activity effective. The US Department of Homeland Security estimates that each Emotet-related incident costs organizations more than USD 1 million to remediate.
Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point, said: "Emotet was originally developed as banking malware that sneaks onto users' computers to steal private and sensitive information. It has kept evolving, and is now regarded as one of the most costly and destructive malware variants. Organizations must be fully aware of the threat Emotet poses and build strong security systems to prevent serious data breaches. They should also give employees comprehensive training so that they can accurately recognize the types of malicious email that spread Emotet."
Hong Kong's top malware for December

| Malware | Description | % of organizations affected globally | % of organizations affected in Hong Kong |
|---|---|---|---|
| Trickbot | Trickbot is a modular banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. | 4.29% | 9.05% |
| Formbook | First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. | 4.26% | 6.03% |
| QQPass | QQPass is a password-stealer Trojan targeting the Windows platform. This malware steals user credentials related to the QQ chat client and transfers them to a remote server. | 0.45% | 5.10% |
| Dridex | Dridex is a banking Trojan that targets the Windows platform, observed being delivered by spam campaigns and exploit kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control. | 4.06% | 3.25% |
| Ramnit | Ramnit is a banking Trojan which incorporates lateral movement capabilities. Ramnit steals web session information, enabling the worm's operators to steal account credentials for all services used by the victim, including bank accounts and corporate and social network accounts. | 1.83% | 3.25% |
| XMRig | First seen in the wild in May 2017, XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. | 2.93% | 3.02% |
| Parite | Parite is a polymorphic virus which infects executable files (EXE and SCR) on the infected host and on network drives. It drops a malicious DLL file into the Windows temporary directory, which is injected into the explorer.exe process when an infected file is executed. | 0.44% | 2.55% |
| Qbot | Qbot, AKA Qakbot, is a banking Trojan that first appeared in 2008, designed to steal the user's banking credentials and keystrokes. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging and anti-sandbox techniques to hinder analysis and evade detection. | 2.71% | 2.32% |
| Pykspa | A worm that spreads itself by sending instant messages to contacts on Skype. It extracts personal user information from the machine and communicates with remote servers by using a Domain Generation Algorithm (DGA). | 1.21% | 2.32% |
| Wannamine | WannaMine is a sophisticated Monero crypto-mining worm that spreads via the EternalBlue exploit. WannaMine implements its spreading mechanism and persistence techniques by leveraging Windows Management Instrumentation (WMI) permanent event subscriptions. | 0.45% | 1.62% |
| RigEK | Rig EK was first introduced in April 2014. It has since received several large updates and continues to be active to this day. In 2015, as a result of an internal feud between its operators, the source code was leaked and has been thoroughly investigated by researchers. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit. | 1.90% | 1.62% |
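The WannaMine entry attributes its persistence to WMI permanent event subscriptions. The PowerShell audit below is an added example (not Check Point's code or part of the index) that enumerates every filter-to-consumer binding in the `root\subscription` namespace so a defender can review what each one triggers; it assumes an elevated session on the host being audited and the CIM cmdlets shipped with Windows PowerShell 3.0 or later.

```powershell
# Added example: enumerate WMI permanent event subscriptions, the persistence
# mechanism described for WannaMine. Run in an elevated PowerShell session on
# the host being audited; the script only reads, it never deletes anything.
$ns = 'root\subscription'

# A permanent subscription has three parts: a filter (WQL trigger), a consumer
# (the action taken when the trigger fires) and a binding that links the two.
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

# Consumer classes that execute arbitrary commands or script deserve the closest
# look; an NTEventLogEventConsumer, by contrast, only writes an event log entry.
$executingConsumers = @('CommandLineEventConsumer', 'ActiveScriptEventConsumer')

$report = foreach ($b in $bindings) {
    # Filter and Consumer are object references; resolve them by their Name key.
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }
    $type = $c.CimClass.CimClassName

    # CommandLineEventConsumer carries a command line, ActiveScriptEventConsumer
    # carries script text; other consumer types have no executable payload.
    $payload = switch ($type) {
        'CommandLineEventConsumer'  { $c.CommandLineTemplate }
        'ActiveScriptEventConsumer' { $c.ScriptText }
        default                     { '' }
    }

    [pscustomobject]@{
        Filter       = $f.Name
        Trigger      = $f.Query            # the WQL query that fires the consumer
        ConsumerType = $type
        Consumer     = $c.Name
        Payload      = $payload
        Review       = $executingConsumers -contains $type   # $true = runs code on trigger
    }
}

# Show entries that execute code first, then write a copy for the SOC ticket.
$report | Sort-Object Review -Descending | Format-List
$report | Export-Csv -Path "$env:TEMP\wmi-subscriptions.csv" -NoTypeInformation
```

Some bindings are legitimate (Windows ships a default binding of the "SCM Event Log Filter" to the "SCM Event Log Consumer"), so treat the listing as input for review rather than as a verdict, and compare it against a known-good host before acting on anything.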