The Apache Log4j was the number-one most-exploited vulnerability in this cybersecurity ecosystem’s global rankings.

For the first month of the new year in Check Point Research’s Global Threat Index, Emotet pushed Trickbot out of first place after a long stay at the top, and was that month’s most prevalent malware, affecting 6% of organizations worldwide covered by the firm’s protection.

Log4j was still growing as a problem, impacting 47.4% of organizations globally and the most attacked industry continued to be Education/Research.

After only two-and-a-half months since its return to the firm’s rankings, Emotet had surged into the top spot. Its increased use has only been helped by the prevalence of Trickbot that acts as a catalyst, spreading the malware even further. Emotet’s evasive nature and use of multiple infection methods are expected to keep it high on many threat rankings for some time to come.

Meanwhile Dridex has dropped from the top 10 list altogether, replaced by Lokibot, an infostealer that is used to obtain data such as email credentials, passwords to CryptoCoin wallets and FTP servers. Lokibot takes advantage of victims at their busiest moments, being distributed through well-disguised phishing emails.

These threats, along with the ongoing Log4j threat, emphasize the importance of having the best security across networks, cloud, mobile and user endpoints.

Top malware families

This month, Emotet is the most popular malware impacting 6% of organizations worldwide, closely followed by Trickbot with an impact of 4% and then Formbook with an impact of 3%.

  1. Emotet
  2. Trickbot
  3. Formbook
  4. Agent Tesla
  5. XMRig
  6. Glupteba
  7. Remcos
  8. Ramnit
  9. Phorpiex
  10. Lokibot

Top exploited vulnerabilities

This month the Apache Log4j Remote Code Execution was still the most commonly exploited vulnerability, impacting  47.4% of organizations globally, followed by Web Server Exposed Git Repository Information Disclosure which impacted 45% of organizations worldwide.

  1. Apache Log4j Remote Code Execution (CVE-2021-44228)
  2. Web Server Exposed Git Repository Information Disclosure
  3. HTTP Headers Remote Code Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756)
  4. Web Servers Malicious URL Directory Traversal (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-8260)
  5. Command Injection Over HTTP (CVE-2013-6719,CVE-2013-6720)
  6. D-LINK Multiple Products Remote Code Execution (CVE-2015-2051)
  7. MVPower DVR Remote Code Execution
  8. Dasan GPON Router Authentication Bypass (CVE-2018-10561)
  9. PHP Easter Egg Information Disclosure
  10. Apache HTTP Server Directory Traversal (CVE-2021-41773,CVE-2021-42013)

Top mobile malware

This month xHelper was in first place as the most prevalent mobile malware, followed by AlienBot and FluBot.