Even vulnerability fixes can be vulnerable, as CVE-2021-41773 has shown!
The modular botnet and banking trojan, Trickbot, remains at the top of Check Point Research’s (CPR) monthly list of most prevalent malware, affecting 4% of organizations worldwide.
Since the Emotet takedown in January, Trickbot has featured at the top of the most prevalent malware list five times. It is constantly being updated with new capabilities, features and distribution vectors that enable it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
In the top ten list of exploited vulnerabilities, Apache HTTP Server Directory Traversal is a new entrant for October, in 10th place. When it was first discovered, developers of Apache released fixes for CVE-2021-41773 in Apache HTTP Server 2.4.50. However, the patch was found to be insufficient, and a directory traversal vulnerability still exists in Apache HTTP Server.
Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system. By launching a path traversal attack, threat actors can map URLs to files outside the expected document root. It is imperative that Apache users have appropriate protection technologies in place.
CPR also revealed this month that Education/Research is the most attacked industry globally, followed by Communications and Government/Military.
Top malware families
Trickbot (affecting 4% of organizations worldwide), XMRig (3%) and Remcos (2%) top the list for the month.
- Trickbot
- XMRig
- Remcos
- Glupteba
- Tofsee
- Ramnit
- Agent Tesla
- Ursnif
- Formbook
- Nanocore
Top targeted industries globally
- Education/Research
- Communications
- Government/Military
Top exploited vulnerabilities
- Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260)
- Web Server Exposed Git Repository Information Disclosure
- HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)
- Dasan GPON Router Authentication Bypass (CVE-2018-10561)
- MVPower DVR Remote Code Execution
- Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638, CVE-2019-0230)
- Command Injection Over HTTP (CVE-2013-6719, CVE-2013-6720)
- D-LINK Multiple Products Remote Code Execution (CVE-2015-2051)
- OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160, CVE-2014-0346)
- Apache HTTP Server Directory Traversal (CVE-2021-41773, CVE-2021-42013)
Top Mobile Malware
- xHelper
- AlienBot
- XLoader