On top of having robust security systems in place, organizations need to conduct regular staff training to prevent susceptibility to phishing.
After months of a relatively stable hall of infamy, Check Point’s Threat Index for March 2021 has a new entrant.
Researchers report that the IcedID banking trojan has entered the list, taking second place. First seen in 2017, IcedID had been spreading rapidly in March via several spam campaigns, affecting 11% of organizations globally.
One widespread campaign involved a pandemic-related theme to entice new victims into opening malicious email attachments; the majority of these attachments are Microsoft Word documents with a malicious macro used to insert an installer for IcedID. Once installed, the trojan then attempts to steal account details, payment credentials, and other sensitive information from users’ smart devices. IcedID also uses other malware to proliferate, and has been used as the initial infection stage in ransomware operations.
Said the firm’s Director of Threat Intelligence & Research, Products, Maya Horowitz: “IcedID has been around for a few years now but has recently been used widely, showing that cybercriminals are continuing to adapt their techniques to exploit organizations, using the pandemic as a guise. It is a particularly evasive trojan that uses a range of techniques to steal financial data. Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails that spread IcedID and other malware.”
Top malware families
For March 2021, Dridex is the most popular malware with a global impact of 16% of organizations, followed by IcedID and Lokibot affecting 11% and 9% of organizations worldwide respectively.
- Dridex
- IcedID
- Lokibot
Top exploited vulnerabilities
- HTTP Headers Remote Code Execution (CVE-2020-13756)
- MVPower DVR Remote Code Execution
- Dasan GPON Router Authentication Bypass (CVE-2018-10561)
Top mobile malware
- Hiddad
- xHelper
- FurBall