Trojans Continue to Wreak Havoc On Internet
Written on 05/09/20 at 04:54:09 EST by GabbyGirl
Top malware to watch in 2020

Here are this year’s biggest cybersecurity threats on the internet:
Emotet

Emotet is the most dangerous, costly and destructive malware to date. Emotet “functions as a downloader or dropper of other banking trojans,” per the Center for Internet Security (CIS). Spreading through e-mails with phishing content, this malware type is also able to infect entire networks quickly by collecting and exploiting contacts.
Kovter

Kovter is a family of malware that appeared in 2014 but has changed its skin quite a few times. In the beginning, it was mostly ransomware, tricking users into thinking they were being fined by law enforcement. Then it reappeared as click-fraud malware, using code injection to grab information and send it back to the malicious hackers. Later, it resurfaced as fileless malware that installs autorun registry entries, and then as part of several phishing campaigns.

Today, Kovter is ranked among the most prolific malware of the past few years. It is commonly distributed via attachments that, once clicked, install shellcode that is used to infect the target.
Ryuk

Ryuk is a prevalent ransomware which is often dropped on a system by other malware (e.g., TrickBot) and can be extremely costly and destructive. It uses RSA and AES encryption algorithms with a unique key for each executable. Ryuk’s campaigns have been used for attacks against large organizations and government agencies for a high-ransom return.
Zeus

Zeus, the most widespread banking malware, is distributed primarily via spam or phishing campaigns (or drive-by downloads). Using keystroke logging, hackers easily steal banking credentials from users of compromised systems.

It is not a recent Trojan; it was actually identified in 2007 during an attack on the US Department of Transportation. However, it brought the greatest damage two years later with its use against Cisco, Amazon, Oracle and Bank of America.

Presently, the Zeus botnet is believed to be one of the most pervasive and damaging banking Trojan variants to date. As this malicious code can be easily enhanced or modified for future attacks, Zeus lives on today, as “many other malware variants have adopted parts of its codebase.”
Dridex

Dridex is another banking Trojan that is also known as Bugat or Cridex. It targets financial information via phishing and mail spam that allows unauthorized transfers from a victim’s bank account. In 2019, this malware impacted numerous countries, resulting in both data and monetary loss.

The Dridex botnet first appeared in 2012 and by 2015 had become one of the most prevalent financial Trojans. According to the US-CERT Alert (AA19-339A), Dridex has re-emerged with new attack tactics: it is now used as an implant in the infection chain alongside the Bitpaymer and DoppelPaymer ransomware and targets any small to medium-sized organizations which are at risk.

The malware and its various iterations have become infamous for personalized and targeted hits against the financial services sector, including both banking institutions and customers, according to the Department of Homeland Security. It has also been used in combination with ransomware attacks against a number of online financial operations, infecting users who download Dridex malware onto the affected system.
Trickbot

Trickbot is one of the more recent banking Trojans targeting Windows machines, and it has already been updated several times to become more effective at stealing personal data and bank credentials. In the last couple of years, it has improved its ability to hide itself and has become more difficult to detect. It now spreads in multiple ways, not only via phishing but also as a secondary payload, via connected, infected systems (a corporate network, for example), as observed in the steady number of detections throughout 2019 mentioned in the Malwarebytes Labs 2020 State of Malware Report.

It often attacks through an email that links to a file on Google Docs. Users are led to believe the document is a PDF, but in reality the file is an executable. Once activated, it shows a fake error message informing users that the file is not available, while it keeps running undisturbed in the background.

“Since inception in late 2016, the TrickBot banking trojan has continually undergone updates and changes in attempts to stay one step ahead of defenders and internet security providers,” writes Webroot. “The TrickBot authors continue to target various financial institutions across the world, using MS17-010 exploits in an attempt to successfully laterally move throughout a victim’s network.” This makes it a serious risk for businesses.
Malware trends

Malware is going strong and threatening our systems more and more. According to AV-Test Institute, over 15 million new pieces of malware are spotted every month. But what are the types that are actually being used the most and are expected to plague the internet in 2020?

Ransomware is always evolving. Lately, malicious hackers are not only hijacking accounts and demanding money to unblock them; they are also exposing sensitive stolen data if users don’t comply promptly. Maze Ransomware (identified by the TA2101) is an example of such an attack. It was used against security staffing firm Allied Universal and resulted in exposure of 10% of the stolen files. They told Binary Defense, which said: “The threat actors reached out directly to Bleeping Computer, informing them of the infection and details on what happened.”

Trojans continue to move forward as a modern threat. Trojans like Emotet are still a serious threat to businesses due to their persistence and ease of network propagation. Lately, they have been distributed especially through macro-enabled documents of common types (such as Word and Excel).
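An added example, not part of the original article, of the defensive check that both the TrickBot lure described earlier (an executable presented as a PDF) and the macro-enabled documents above call for: classify an attachment by its content rather than its name. The function names, finding labels and sample bytes are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.xlsm) is a ZIP

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML archive carries a VBA macro part (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(filename: str, data: bytes) -> list:
    """Findings for one attachment, judged by content; [] means nothing flagged."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    findings = []
    if is_pe(data):
        findings.append("executable-content")
        if ext not in ("exe", "dll", "scr"):
            findings.append("extension-mismatch:" + (ext or "none"))
    elif ext == "pdf" and b"%PDF-" not in data[:1024]:
        findings.append("not-a-pdf")
    if data.startswith(ZIP_MAGIC) and has_vba_project(data):
        findings.append("ooxml-macros")
    elif data.startswith(OLE_MAGIC):
        findings.append("legacy-ole-document")  # may hold macros; parse further
    return findings

def sample_pe() -> bytes:
    """Constructed stub: MZ, e_lfanew=0x40, PE signature. Not a real program."""
    return b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"

def sample_docm() -> bytes:
    """Constructed macro-enabled OOXML skeleton with a placeholder VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", sample_pe()), ("report.docx", sample_docm())]:
        print(name, triage(name, blob))
```

A legacy OLE document is only flagged as a container here; deciding whether it actually holds macros requires parsing its streams.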

Fileless malware attacks will also become more commonplace in 2020, and Malwarebytes Labs has observed a growing number of exploit kits in fall 2019. Organized crime groups are also expanding their operations to include using fileless ransomware to ensure their malicious attacks work; Kovter and WannaMine are examples of this type of malware that are causing an increasing number of infections.
