
Check Point January Cyber Threat Index

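Check Point Software Technologies Ltd. (NASDAQ: CHKP) has published its latest Cyber Threat Index for January. Check Point Research notes that malicious phishing email campaigns surged in late January, with more than 400 Valentine's Day-themed malicious phishing emails each week.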

Top malware in Hong Kong in January

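The researchers' report shows that although international police organizations took control of the botnet in an operation on January 27, Emotet held first place in the malware ranking for the second consecutive month, affecting 6% of organizations worldwide.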

The following are the top 10 malware in Hong Kong for January. As for the global ranking list, you can browse it at .

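  1. Emotet remains the most popular malware this month, affecting 6% of organizations worldwide, closely followed by Phorpiex and Trickbot, which affected 4% of organizations worldwide.
  2. "MVPower DVR Remote Code Execution" is the most common vulnerability this month, affecting 43% of organizations worldwide, followed by "HTTP Headers Remote Code Execution (CVE-2020-13756)", affecting 42% of organizations worldwide. "Dasan GPON Router Authentication Bypass (CVE-2018-10561)" ranks third among exploited vulnerabilities, with a global impact of 41%.
  3. This month, Hiddad ranks first among the most prevalent mobile malware, closely followed by xHelper and Triada.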

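Maya Horowitz, Director of Threat Intelligence & Research, Products at Check Point, said: "Emotet is one of the most costly and destructive malware variants ever seen, so joining forces with law enforcement agencies to take it down was very important and is a major achievement. However, new threats will inevitably emerge to replace it, so organizations still need to ensure they have robust security systems in place to prevent their networks from being attacked. As always, comprehensive training for employees is crucial, so that they are able to identify the types of malicious emails that spread stealthy trojans and bots."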

Valentine's Day-themed malicious phishing emails

Security experts at Check Point Research note a surge in Valentine's Day-themed malicious phishing email campaigns; you can read the full article at .

Top malware in Hong Kong in January

| Malware | Description | Organizations affected globally (%) | Organizations affected in Hong Kong (%) |
| --- | --- | --- | --- |
| Trickbot | Trickbot is a modular Banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. | 3.67% | 9.53% |
| Parite | Parite is a polymorphic virus which infects executable files (EXE and SCR) on the infected host and on network drives. It drops a malicious DLL file into the Windows temporary directory which is injected into the explorer.exe process when an infected file is executed. | 0.70% | 4.88% |
| XMRig | First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency. | 3.23% | 3.02% |
| Ramnit | Ramnit is a banking Trojan which incorporates lateral movement capabilities. Ramnit steals web session information, enabling the worm operators to steal account credentials for all services used by the victim, including bank accounts and corporate and social network accounts. | 1.57% | 2.79% |
| MyDoom | MyDoom is a worm that targets the Windows platform and was first seen in the wild in January 2004. MyDoom is considered to be the fastest and one of the most severe worms in history. It spreads via email and by exploiting vulnerabilities. When executed, MyDoom gathers information including email addresses, user and domain names from the affected system's Windows Address Book and Temporary Internet Files folder, in order to create more email addresses for its own benefit. | 0.77% | 2.56% |
| Phorpiex | Phorpiex is a botnet (aka Trik) that has been active since 2010 and at its peak controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns as well as fueling large-scale spam and sextortion campaigns. | 3.92% | 2.56% |
| Formbook | First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. | 2.79% | 2.56% |
| Wannamine | WannaMine is a sophisticated Monero crypto-mining worm that spreads via the EternalBlue exploit. WannaMine implements its spreading mechanism and persistence techniques by leveraging Windows Management Instrumentation (WMI) permanent event subscriptions. | 0.41% | 1.40% |
| Dridex | Dridex is a Banking Trojan that targets the Windows platform, observed delivered by spam campaigns and Exploit Kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control. | 3.28% | 1.16% |
| Snojan | Snojan is a Trojan that targets the Windows platform. This malware steals credentials, cookies and history stored by web browsers such as Chrome and Firefox. It then uploads the files which contain the stolen information to the remote server. In order to survive system reboots, it adds a value to the Run key in the Registry. | 0.36% | 1.16% |
| Tiggre | Tiggre is a Trojan-type program that targets the Windows platform. The malware is designed to delete, block, modify, or copy data and disrupt computer or network performance. The malware masquerades as a legitimate file or software. | 0.27% | 1.16% |

This article, Check Point January Cyber Threat Index, first appeared on TechApple.com.
