Check Point Research has just released its monthly top malware report for September 2022. CPR notes that while Formbook remains the most prevalent malware, impacting 3% of organizations worldwide, Vidar is now ranked eighth, up seven places from August. In Portugal the most prevalent malware was Vidar, which affected 13.2% of Portuguese organizations, and the health sector was again the most affected sector.
Vidar is an infostealer designed to give threat actors backdoor access, allowing them to steal sensitive banking information, login credentials, IP addresses, browser history and cryptocurrency accounts from infected devices. The increase in its prevalence is due to a malicious campaign in which fake Zoom websites, such as zoomus[.]website and zoom-download[.]space, were used to lure unsuspecting users into downloading malware. Formbook, an infostealer that targets the Windows OS, remains at number one.
Since the start of the war between Russia and Ukraine, CPR has continued to monitor the impact of cyberattacks on both countries. As the conflict intensifies, the CPR Global Threat Index for September saw a significant change in the “threat rank” of many Eastern European countries.
Threat rank represents how much an organization is under attack in a specific country compared to the rest of the world. During September, Ukraine jumped 26 places, Poland and Russia each climbed 18 places, and both Lithuania and Romania climbed 17 places, among others. All of these countries are now in the top 25, with the biggest degradation in their rankings taking place last month. Portugal, on the other hand, improved by 30 places on this list, going from place 77 to place 47.
“As the war on the ground continues, so does the war in cyberspace. It is probably no coincidence that the threat categories of many Eastern European countries have increased in the last month. All organizations are at risk and must switch to a preventive cybersecurity strategy before it’s too late. In terms of the most prevalent malware in September, it’s interesting to see Vidar jump into the top ten after a long absence. Zoom users need to be on the lookout for fraudulent links as this is how the Vidar malware has been distributed lately. Always be on the lookout for inconsistencies or misspelled words in the URL. If it looks suspicious, it probably is.”
Maya Horowitz, VP Research at Check Point.
CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is the most frequently exploited vulnerability, impacting 43% of organizations worldwide, followed closely by “Apache Log4j Remote Code Execution”, which dropped from first to second place with an impact of 42%. September also saw Education/Research remain the most attacked industry globally.
Top Malware Families in Portugal
*Arrows are related to the rank change from the previous month.
Portugal bucked the global trend, with Vidar the most widespread malware this month, with a 13.2% impact on national organizations, followed by Formbook and NanoCore with 5.25% and 3.66% respectively.
- ↑ Vidar – Vidar is an infostealer that targets Windows operating systems. First detected in late 2018, it is designed to steal passwords, credit card details and other sensitive information from various web browsers and digital wallets. Vidar is sold on various online forums and used as a malware dropper to download GandCrab ransomware as its secondary payload.
- Formbook – Formbook is an infostealer that targets Windows OS and was first spotted in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files according to orders from its C&C server.
- ↑ NanoCore – NanoCore is a Remote Access Trojan that targets Windows OS users and was first observed in 2013. All versions of the RAT contain plugins and basic functionality such as screen capture, cryptocurrency mining, remote desktop control and webcam session theft.
Top families worldwide
- Formbook – Formbook is an infostealer that targets Windows OS and was first spotted in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums for its strong evasion techniques and relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and records keystrokes, and can download and execute files according to orders from its C&C server.
- ↑ XMRig – XMRig is open-source CPU mining software used for mining the Monero cryptocurrency. Threat actors often abuse this open-source software by bundling it into their malware to conduct illegal mining on victims’ devices.
- ↓ AgentTesla – AgentTesla is an advanced RAT that works as a keylogger and password stealer and has been active since 2014. AgentTesla can monitor and collect input from the victim’s keyboard and system clipboard, and can record screenshots and capture credentials for a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). AgentTesla is sold on various online marketplaces and hacking forums.
Main industries attacked worldwide
This month the Education/Research sector remained in first place as the most attacked industry worldwide, followed by Public Administration/Defense and Health Care.
- Education/Research
- Public Administration/Defense
- Health care
Main industries attacked in Portugal
In Portugal, Health is the most attacked industry, followed by Utilities and Education/Research.
- Health
- Utilities
- Education/Research
Main Vulnerabilities Exploited
This month, “Web Server Exposed Git Repository Information Disclosure” is the most frequently exploited vulnerability, impacting 43% of organizations worldwide. It is followed by “Apache Log4j Remote Code Execution”, which dropped from first to second place and has a 42% impact on organizations. “Linux System Files Information Disclosure” jumps to third place, with an overall impact of 40%.
- ↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in the Git Repository. Successful exploitation of this vulnerability could allow unintentional disclosure of account information.
- ↓ Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
- ↑ Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A command injection over HTTP vulnerability has been reported. A remote attacker could exploit this vulnerability by sending a specially crafted request to the victim. A successful exploit would allow the attacker to execute arbitrary code on the target machine.
Top Mobile Malwares
This month, Anubis jumped to the top spot as the most widespread mobile malware, followed by Hydra and Joker.
- Anubis – Anubis is a banking Trojan designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities, as well as various ransomware features. It has been detected in hundreds of different apps available on the Google Store.
- Hydra – Hydra is a banking Trojan designed to steal financial credentials by asking victims for dangerous permissions.
- Joker – Joker is an Android spyware present on Google Play, designed to steal SMS messages, contact lists and device information. Furthermore, the malware can also enroll the victim in paid premium services without their consent or knowledge.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors around the world, across networks, endpoints and mobile phones. The intelligence is enriched with AI-powered engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.