The Remcos Trojan has returned to the top 10 list (in eighth place) of most wanted malware by Check Point Software for the first time since December 2022.
According to the latest report published by the firm earlier today, threat actors used Remcos extensively in February to target Ukrainian federal government entities through phishing attacks.
The report also states that, overall, weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023.
“While there has been a reduction in the quantity of politically motivated attacks on Ukraine, they continue to be a battleground for cyber-criminals,” explained Maya Horowitz, VP of research at Check Point Software, commenting on the report’s findings.
“Hacktivism has typically been high on the agenda for threat actors since the Russo-Ukrainian war commenced, and most have favored disruptive attack techniques such as DDoS to garner the most publicity.”
Horowitz added that recent attacks against Ukrainian targets used a more traditional attack route, such as phishing scams, to obtain user information and extract data.
“It’s important that all companies and government bodies follow safe security practices when receiving and opening emails. Do not download attachments without scanning the properties first. Avoid clicking on links inside the body of the email, and check the sender address for any abnormalities such as extra characters or misspellings.”
Qbot retained its top position in the list, followed by the Formbook infostealer and the infamous Emotet trojan – both of which climbed ranks compared to Check Point’s January report.
Banking trojan Anubis also retained its place as the top mobile malware, followed by Hiddad (a malware tool designed to repackage apps with extra ads) and the AhMyth RAT.
The vulnerability most exploited in the wild in February was the web server malicious URL directory traversal, replacing the web server flaw that exposed GitHub repository information in October 2022. The Apache Log4j remote code execution vulnerability (CVE-2021-44228) took third place.