SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Check Point reveals Global Threat Index with Formbook as top malware
Mon, 16th Oct 2023

Check Point, a provider of cybersecurity solutions, has released its Global Threat Index for September. The analysis reviews the cyber threat landscape and identifies the most prevalent malware families and the most frequently exploited vulnerabilities.

In September, a significant Remcos phishing campaign targeted multiple facilities in Colombia, which resulted in Remcos surging in the list of top malware families. However, it fell just short of the top spot, which was occupied by the infostealer Formbook.

The Global Threat Index reported on a large-scale phishing campaign affecting over 40 firms in Colombia. Meanwhile, Formbook rose to prominence as the most prevalent malware following the downfall of Qbot in August. Education continues to be the most targeted industry.

Researchers discovered a substantial phishing campaign in September which targeted more than 40 significant companies across various sectors in Colombia. The purpose was to stealthily deliver the Remcos Remote Access Trojan (RAT) onto the victims' computers. Commanded remotely, Remcos RAT is a sophisticated 'Swiss Army Knife' Trojan that gives the attacker total control over the infected computer for a variety of attacks, including data theft, follow-on infections, and account takeovers.

Last month also saw the displacement of Qbot from the top malware list after the FBI seized control of the botnet in August, marking the end of its stint as the most prevalent malware. Having dominated the chart for much of 2023, Qbot's absence significantly altered the malware landscape.

Maya Horowitz, VP of Research at Check Point Software, stated, "The campaign that we uncovered in Colombia offers a glimpse into the intricate world of evasion techniques employed by attackers. It is also a good illustration of how invasive these techniques are and why we need to employ cyber resilience to guard against a variety of attack types."

Furthermore, the Global Threat Index revealed that Web Servers Malicious URL Directory Traversal was the most exploited vulnerability last month, affecting 47% of global organisations. It was followed by Command Injection Over HTTP, which impacted 42% of firms, and Zyxel ZyWALL Command Injection, which affected 39% of organisations.

The most prevalent malware last month was Formbook, impacting 3% of organisations worldwide. It was closely followed by Remcos and Emotet, each having a global impact of 2%.

The most targeted industries last month were, in order: Education/Research, Communications, and Government/Military. Meanwhile, Anubis, AhMyth, and SpinOk were the top mobile malware.

Check Point's Global Threat Impact Index and its ThreatCloud Map utilise real-time threat intelligence from hundreds of millions of sensors worldwide. The intelligence is reinforced with AI-based engines and unique research data from Check Point Research, the research arm of Check Point Software Technologies. The complete list of the top ten malware families in September can be found on the Check Point blog.