Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies, a leading provider of cyber security solutions globally, has published its latest Global Threat Index for May 2021. Researchers reported that the Trickbot trojan continues to target an increasing number of organizations every month in the UAE, impacting an imposing 15% in May 2021 compared to 9% in April 2021. Floxif, an info stealer and backdoor designed for Windows OS, is also showing an increase in activity, targeting close to 5% of users in the UAE compared to 2% in April 2021. Floxif was used in 2017 as part of a large-scale campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleanup utility), infecting more than 2 million users, among them large tech companies such as Google, Microsoft, Cisco, and Intel.
Taking first place in the index is Trickbot, a botnet and banking trojan that can steal financial details, account credentials, and personally identifiable information, as well as spread within a network and drop ransomware, particularly Ryuk. It is constantly being updated with new capabilities, features and distribution vectors, which makes it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns. Trickbot gained popularity after the takedown of the Emotet botnet in January, and made fresh headlines this week as the US Justice Department charged a Latvian woman for her role in creating and deploying the Trickbot malware.
Since the beginning of 2021, CPR has seen a significant increase in the volume of cyberattacks against enterprises. Compared to May 2020, CPR has seen a 97% increase in the number of cyberattacks in EMEA.
“Although there has been a lot of talk about the recent increase in ransomware attacks, we are actually seeing a huge surge in the number of cyberattacks in general. This trend is very extensive and concerning,” said Ram Narayanan, Country Manager, Check Point Software Technologies Middle East. “It’s reassuring to see that charges have been filed in the fight against Trickbot, this month’s most prevalent malware, but clearly there is still a long way to go. The fact that this trojan is incrementally affecting more and more organizations every month in the UAE shows how sophisticated and relentless cyber criminals are in developing their actions. Businesses need to be aware of the risks and ensure adequate solutions are in place, but also remember that attacks can not only be detected, they can also be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.”
CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is still the most commonly exploited vulnerability, affecting 48% of organizations globally, followed by “HTTP Headers Remote Code Execution (CVE-2020-13756)”, which impacts 47.5% of organizations worldwide. “MVPower DVR Remote Code Execution” ranks third in the list of top exploited vulnerabilities, with a global impact of 46%.