A spam campaign that targeted over 100,000 users a day over Christmas and New Year has seen Emotet secure its spot as the most prolific malware threat.
Analysis by cybersecurity company Check Point suggests that Emotet was used to target 7% of organisations around the world during December.
Emotet has been active since 2014 and is regularly updated by its authors in order to maintain its effectiveness. The malware started life as a banking trojan but has evolved to become much more than that, providing a complete backdoor onto compromised machines that can then be sold on to other cyber criminals to infect victims with additional malware – including ransomware.
While Emotet has worm-like capabilities that allow it to move onto other machines on the same network as the initial victim, it also spreads via phishing emails. But no matter how it arrives, Emotet is excellent at maintaining persistence while also avoiding detection, meaning victims will often have no idea that they've been compromised until it's far too late.
"Emotet was originally developed as banking malware that sneaked on to users' computers to steal private and sensitive information. However, it has evolved over time and is now seen as one of the most costly and destructive malware variants," said Maya Horowitz, director of threat intelligence and research at Check Point.
"It's imperative that organizations are aware of the threat Emotet poses and that they have robust security systems in place to prevent a significant breach of their data. They should also provide comprehensive training for employees, so they are able to identify the types of malicious emails that spread Emotet," she added.
Banking trojan Trickbot is the second most dominant form of malware as we enter 2021. Like Emotet, it's constantly updated with new capabilities and features, including the ability to customise the malware, which allows it to be used in all manner of cyber-intrusion campaigns. Like Emotet, Trickbot has become more than a banking trojan and is often installed on systems as a gateway for installing ransomware.
Credential-harvesting malware Formbook was the third most detected malware threat over the reporting period. Formbook is sold on dark web forums at relatively low cost but provides cyber-criminal users with everything they need for a powerful information-stealing campaign; it harvests usernames and passwords from browsers, collects screenshots, monitors and logs keystrokes, and more.
According to Check Point, Trickbot and Formbook campaigns were each detected attempting to infiltrate the networks of 4% of organisations around the world.
Other prominent malware during December included the Dridex trojan, the XMRig cryptocurrency mining malware and the Hiddad Android malware.
One of the best ways for businesses to avoid falling victim to malware attacks is to ensure the latest security patches are applied across the network, as this prevents cyber criminals from taking advantage of known vulnerabilities to deliver malware.