Since Emotet’s toppling in January, cybercriminals have turned to Trickbot to maintain their malicious activities.

The Global Threat Index for February 2021 has revealed the successor to Emotet after its ringleaders were brought in January.

The Trickbot trojan has topped the Index for the first time, rising from third position in January. 

Following the takedown of the Emotet botnet, researchers from Check Point have reported that cyber-criminal groups are now using new techniques with malware such as Trickbot to continue their malicious activities. Last month, they distributed it via a malicious spam campaign designed to trick users in the legal and insurance sectors into downloading a .zip archive containing a malicious JavaScript file to their PCs. Once this file was opened, the script attempted to download a further malicious payload from a remote server.

A worthy successor

Trickbot was the fourth most prevalent malware globally last year, impacting 8% of organizations. It played a key role in one of the highest-profile and most expensive cyberattacks of 2020, which hit Universal Health Services (UHS), a leading healthcare provider in the U.S. UHS was hit by Ryuk ransomware, and stated the attack cost it US$67 million in lost revenues and costs.

Trickbot was used by the attackers to detect and harvest data from UHS’ systems, and then to deliver the ransomware payload. Said Check Point’s Director (Threat Intelligence & Research, Products), Maya Horowitz: “As we suspected, even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide.” 

Feb 2021 top malware families
This month, Trickbot ranks as the most popular malware, impacting 3% of organisations globally, closely followed by XMRig and Qbot, which each also impacted 3% of organisations worldwide.

  1. ↑ Trickbot
  2. ↑ XMRig
  3. ↑ Qbot

Top exploited vulnerabilities

  1. Web Server Exposed Git Repository Information Disclosure
  2. ↔ HTTP Headers Remote Code Execution (CVE-2020-13756)
  3. MVPower DVR Remote Code Execution

Top mobile malware
This month, Hiddad holds first place among the most prevalent mobile malware, followed by xHelper and FurBall.

  1. Hiddad
  2. xHelper
  3. FurBall