Check Point Software Technologies has published its latest Global Threat Index for October 2022, revealing the latest in cyber threat news.
This month saw keylogger AgentTesla take first place as the most widespread malware, impacting 7% of organisations worldwide. There was a significant increase in the number of attacks from the infostealer Lokibot, which reached the third spot for the first time in five months. On top of this, Text4Shell, a new vulnerability affecting the Apache Commons Text library, was disclosed.
Lokibot is a commodity infostealer designed to harvest credentials from a variety of applications, including web browsers, email clients and IT administration tools. As a trojan, its goal is to sneak undetected onto a system by masquerading as a legitimate program. It can be distributed through phishing emails, malicious websites, SMS, and other messaging platforms.
According to Check Point, its rise in popularity can be explained by the increase in spam campaigns themed around online inquiries, orders, and payment confirmation messages.
October also saw the disclosure of a new critical vulnerability, Text4Shell (CVE-2022-42889). Based on Apache Commons Text functionality, it allows attacks over a network without the need for any specific privileges or user interaction.
Text4Shell is reminiscent of the Log4Shell vulnerability, which is still, one year on, one of the major threats, ranking at number two in the October list. Although Text4Shell did not make the list of top vulnerabilities exploited this month, it has already impacted over 8% of organisations worldwide, Check Point states.
Maya Horowitz, VP Research at Check Point Software, says, “We saw a lot of change in the rankings this month, with a new set of malware families making up the big three. It is interesting that Lokibot has climbed back to the third spot so quickly, which shows an increasing trend towards phishing attacks.
“As we head into November, which is a busy buying period, it is important that people remain vigilant and keep an eye out for suspicious emails that could be carrying malicious code. Be aware of signs such as an unfamiliar sender, request for personal information and links. If in doubt, visit websites directly and find the appropriate contact information from verified sources, and make sure you have malware protection installed.”
It was also revealed that Web Server Exposed Git Repository Information Disclosure is the most commonly exploited vulnerability, impacting 43% of organisations worldwide, closely followed by Apache Log4j Remote Code Execution, with an impact of 41%.
October also saw Education/Research remain in first place as the most attacked industry globally.
When it comes to mobile malware, Anubis held onto first place this month as the most prevalent, followed by Hydra and Joker.
- Anubis: Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities as well as various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
- Hydra: Hydra is a banking Trojan designed to steal finance credentials by asking victims to enable dangerous permissions.
- Joker: Joker is an Android spyware in Google Play, designed to steal SMS messages, contact lists and device information. The malware can also sign the victim up for paid premium services without their consent or knowledge.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point's ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.