Check Point has just released its Global Threat Index for the month of May, which lists the malware that most affected organizations globally and nationally over the past month. In Angola, the highlights are the botnet Phorpiex and the trojan Proxy, which together reached the equivalent of almost 60% of Angolan companies.
Phorpiex has been active since 2010 and is known for distributing other malware families via spam campaigns. Proxy is a trojan that targets the Windows platform and sends system information to a remote attacker.
Worldwide, Trickbot has gained popularity, reaching 8% of organizations. Capable of stealing banking information, account credentials and personal information, as well as spreading across a network and deploying ransomware, Trickbot is characterized by its wide versatility. It is constantly being updated with new features and attack vectors, allowing it to serve various malicious purposes.
At the national level, however, the highlights are Phorpiex and Proxy, two malicious agents that each impacted 28% of Angolan organizations.
Check Point reports that Trickbot, which first entered the index in April 2019, now ranks number one. Meanwhile, Dridex has completely disappeared from the top after being one of the most popular malware in recent months, as a result of the global increase in ransomware attacks. While it remains to be seen why it dropped off the list, recent reports indicate that the Evil Corp group, known for distributing Dridex, has changed its approach to attacks as a way to evade US Department of the Treasury sanctions.
Trickbot is a banking botnet and trojan capable of stealing banking information, account credentials and personal information, as well as spreading across a network and deploying ransomware, in particular Ryuk. It is constantly being updated with new capabilities, features and distribution vectors, which gives it a flexible and customizable character that allows its distribution through campaigns with multiple purposes.
“There's been a lot of talk about the recent increase in the number of ransomware attacks, but in fact, this sharp increase is seen in cyber attacks in general. It's a worrying trend,” says Maya Horowitz, Director, Threat Intelligence & Research, Check Point Products. “It's refreshing to see charges filed for fighting Trickbot, the most prevalent malware in May, but there's clearly a long way to go. Organizations need to be aware of the risks and ensure they are armed with the right solutions, remembering that attacks can not only be detected, but prevented, including zero-day and unknown malware attacks. With the right technologies, most attacks, even the most advanced ones, can be prevented without interrupting the normal workflow.”
Check Point's Global Threat Impact Index and ThreatCloud Map base their information on Check Point's ThreatCloud™, the world's largest collaborative network to fight cybercrime, which provides information and trends on cyberattacks through a global network of threat sensors. ThreatCloud's database includes over 3 billion websites and 600 million files daily, identifying over 250 million malware activities daily.