According to Global Threat Index relating to the month of November, published by Check Point Software Technologies, the most dominant malware globally was FormBook, having impacted 3% of global organizations. In Portugal, the leading place was occupied by FakeUpdates, which harmed 4,93% of Portuguese organizations, and the telecommunications sector was the biggest target of cyberattacks.
Last month, Check Point investigators discovered a new AsyncRAT campaign in, where malicious HTML files were used to spread covert malware. AsyncRAT is a Remote Access Trojan (RAT) that has the ability to remotely monitor and control computer systems without being detected, using a variety of file formats, such as PowerShell and BAT, to perform process injection. This malware ranked sixth on November's top ten list.
In last month's AsyncRAT campaign, recipients received an email with an embedded link that, once clicked, triggered the download of a malicious HTML file. A sequence of events followed that allowed the malware to impersonate a trusted application, evading detection, explains Check Point.
Globally, the JavaScript downloader FakeUpdates rose to second place, after a two-month break in the top ten list, being surpassed only by FormBook. With a global impact of 2% in November, this malware's distribution structure uses compromised websites to trick users into executing fake browser updates. Finally, Remcos ranked third on the list, having impacted 2% of global organizations.
In Portugal, in the month of November, there was a new leadership in the main malware families, with FakeUpdates being the most dominant malware. FormBook and Remcos followed, according to the Check Point study.
“The November cyberthreats demonstrate how threat actors use seemingly innocuous methods to infiltrate networks. The rise of the AsyncRAT campaign and the resurgence of FakeUpdates highlight a trend in which attackers use deceptive simplicity to bypass traditional defenses.”, says Maya Horowitz, VP of Research at Check Point Software. “This underscores the need for organizations to adopt a layered security approach that is not just based on recognizing known threats, but also has the ability to identify, prevent and respond to new attack vectors before they cause harm.”.
Furthermore, the most attacked industry in the world continued to be the education/research sector, followed by the telecommunications sector and the public administration/defense sector. At a national level, the telecommunications industry ranked first as the most attacked sector in November, with the healthcare sector in second place on the podium and the utilities sector in third.
Regarding the main vulnerabilities exploited, “Command Injection Over HTTP” took first place, affecting 45% of organizations worldwide. This was followed by “Web Servers Malicious URL Directory Traversal”, with a global impact of 42% in November, and “Zyxel ZyWALL Command Injection (CVE-2023-28771)” in third place, with 41%.
In November, Anubis was the dominant mobile malware, with AhMyth and SpinOk in second and third place respectively.
