The word-association shows that ransomware and insufficient government cybersecurity efforts add up to an omnipotent international threat.

For April 2021, the Dridex trojan has reclaimed its spot at the top of Check Point Research’s (CPR) Global Threat Index.

Agent Tesla now ranks second (for the first time), while Trickbot hovers at third place.

The Dridex trojan is often used as the initial infection stage in ransomware operations, which had risen by a reported 57% in March this year and are continuing to spike.

The most recent ransomware victim was major US fuel company Colonial Pipeline. The cybercriminals behind the attack—DarkSide—had claimed they did not intend to create problems for society but were only after the money. “We do not participate in geopolitics, do not need to tie us with a defined government and look for… our motives,” the group reportedly announced, ending with a veiled hint that they would “introduce moderation … to avoid social consequences in the future.”

More government action needed

Said Maya Horowitz, Director, Threat Intelligence & Research, Products, Check Point: “On average every 10 seconds globally, an organization becomes a victim of ransomware. Recently there have been calls for governments to do more about this growing threat, but it is showing no signs of slowing down.”

According to Horowitz, all organizations need to be aware of the risks and ensure adequate anti-ransomware solutions are in place. “Comprehensive training for all employees is also crucial, so they are equipped with the skills needed to identify the types of malicious emails that spread Dridex and other malwares, as this is how many ransomware exploits start.” 

Top malware families

This month, the Dridex trojan is still the most popular malware, with a global impact of 15% of organisations, followed by Agent Tesla and Trickbot, impacting 12% and 8% of organisations worldwide respectively.

  1. Dridex
  2. Agent Tesla
  3. Trickbot

Top exploited vulnerabilities

  1. Web Server Exposed Git Repository Information Disclosure
  2. HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)
  3. MVPower DVR Remote Code Execution

Top mobile malware

  1. xHelper
  2. Triada
  3. Hiddad