Download PDF version Contact company

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., a pioneering provider of cyber security solutions globally, has published its latest Global Threat Index for March 2021. Researchers report that the IcedID banking trojan has entered the Index for the first time, taking second place, while the established Dridex trojan was the most prevalent malware during March, up from seventh in February.

First seen in 2017, IcedID has been spreading rapidly in March via several spam campaigns, affecting 11% of organisations globally. One widespread campaign used a COVID-19 theme to entice new victims into opening malicious email attachments; the majority of these attachments are Microsoft Word documents with a malicious macro used to insert an installer for IcedID.

Once installed, the trojan then attempts to steal account details, payment credentials, and other sensitive information from users’ PCs. IcedID also uses other malware to proliferate and has been used as the initial infection stage in ransomware operations.

Evasive trojan

IcedID has been around for a few years now but has recently been used widely, showing that cyber-criminals are continuing to adapt their techniques to exploit organisations, using the pandemic as a guise,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

IcedID is a particularly evasive trojan that uses a range of techniques to steal financial data, so organisations must ensure they have robust security systems in place to prevent their networks being compromised and minimise risks. Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails that spread IcedID and other malware.”

CPR also warns that “HTTP Headers Remote Code Execution (CVE-2020-13756)” is the most common exploited vulnerability, impacting 45% of organisations globally, followed by “MVPower DVR Remote Code Execution” which impact 44% of organisations worldwide. “Dasan GPON Router Authentication Bypass (CVE-2018-10561)” is on third place in the top exploited vulnerabilities list, with a global impact of 44%.

Top malware families

*The arrows relate to the change in rank compared to the previous month.

Recently, Dridex is the most popular malware with a global impact of 16% of organisations, followed by IcedID and Lokibot affecting 11% and 9% of organisations worldwide respectively.

  • ↑ Dridex - Dridex is a Trojan that targets the Windows platform and is reportedly downloaded via a spam email attachment. Dridex contacts a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.
  • ↑ IcedID - IcedID is a banking Trojan spread by email spam campaigns and uses evasive techniques such as process injection and steganography to steal user financial data.
  • ↑ Lokibot - Lokibot is an Info Stealer distributed mainly by phishing emails and is used to steal various data such as email credentials, as well as passwords to CryptoCoin wallets and FTP servers.

Top exploited vulnerabilities

Currently, “HTTP Headers Remote Code Execution (CVE-2020-13756)” is the most commonly exploited vulnerability, impacting 45% of organisations globally, followed by “MVPower DVR Remote Code Execution” which impacts 44% of organisations worldwide. “Dasan GPON Router Authentication Bypass (CVE-2018-10561)” is in third place with a global impact of 44%.

  • ↑ HTTP Headers Remote Code Execution (CVE-2020-13756) - HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.
  • ↑ MVPower DVR Remote Code Execution - remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
  • ↑ Dasan GPON Router Authentication Bypass (CVE-2018-10561) - authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorised access into the affected system.

Top mobile malwares

Hiddad took first place in the most prevalent mobile malware index, followed by xHelper and FurBall.

  • Hiddad - Hiddad is an Android malware, which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
  • xHelper - A malicious application seen in the wild since March 2019, used for downloading other malicious apps and display ads. The application is capable of hiding itself from the user, and can even reinstall itself after being uninstalled.
  • FurBall - FurBall is an Android MRAT (Mobile Remote Access Trojan) which is deployed by APT-C-50, an Iranian APT group connected to the Iranian government. This malware was used in multiple campaigns dating back to 2017 and is still active today. Among FurBall’s capabilities are; stealing SMS messages and mobile call logs, recording calls and surroundings, collecting media files, tracking locations, and more.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Panasonic AI-driven cameras empower an expanding vision of new uses
Panasonic AI-driven cameras empower an expanding vision of new uses

Imagine a world where video cameras are not just watching and reporting for security, but have an even wider positive impact on our lives. Imagine that cameras control street and building lights, as people come and go, that traffic jams are predicted and vehicles are automatically rerouted, and more tills are opened, just before a queue starts to form. Cameras with AI capabilities Cameras in stores can show us how we might look in the latest outfit as we browse. That’s the vision from Panasonic about current and future uses for their cameras that provide artificial intelligence (AI) capabilities at the edge. Panasonic feels that these types of intelligent camera applications are also the basis for automation and introduction of Industry 4.0, in which processes are automated, monitored and controlled by AI-driven systems. 4K network security cameras The company’s i-PRO AI-capable camera line can install and run up to three AI-driven video analytic applications Panasonic’s 4K network security cameras have built-in AI capabilities suitable for this next generation of intelligent applications in business and society. The company’s i-PRO AI-capable camera line can install and run up to three AI-driven video analytic applications. The AI engine is directly embedded into the camera, thus reducing costs and Panasonic’s image quality ensures the accuracy of the analytics outcome. FacePRO facial recognition technology Panasonic began advancing AI technology on the server side with FacePRO, the in-house facial recognition application, which uses AI deep learning capabilities. Moving ahead, they transitioned their knowledge of AI from the server side to the edge, introducing i-PRO security cameras with built-in AI capabilities last summer, alongside their own in-house analytics. Moreover, in line with the Panasonic approach to focus more on collaboration with specialist AI software developers, a partnership with Italian software company, A.I. Tech followed in September, with a range of intelligent applications, partially based on deep learning. Additional collaborations are already in place with more than 10 other developers, across the European Union, working on more future applications. i-PRO AI-capable security cameras Open systems are an important part of Panasonic’s current approach. The company’s i-PRO AI-capable cameras are an open platform and designed for third-party application development, therefore, applications can be built or tailored to the needs of an individual customer. Panasonic use to be a company that developed everything in-house, including all the analytics and applications. “However, now we have turned around our strategy by making our i-PRO security cameras open to integrate applications and analytics from third-party companies,” says Gerard Figols, Head of Security Solutions at Panasonic Business Europe. Flexible and adapting to specific customer needs This new approach allows the company to be more flexible and adaptable to customers’ needs. “At the same time, we can be quicker and much more tailored to the market trend,” said Gerard Figols. He adds, “For example, in the retail space, enabling retailers to enhance the customer experience, in smart cities for traffic monitoring and smart parking, and by event organisers and transport hubs to monitor and ensure safety.” Edge-based analytics offer multiple benefits over server-based systems Edge-based analytics Edge-based analytics offer multiple benefits over server-based systems. On one hand, there are monetary benefits - a cost reduction results from the decreased amount of more powerful hardware required on the server side to process the data, on top of reduction in the infrastructure costs, as not all the full video stream needs to be sent for analysis, we can work solely with the metadata. On the other hand, there are also advantages of flexibility, as well as reliability. Each camera can have its own individual analytic setup and in case of any issue on the communication or server side, the camera can keep running the analysis at the edge, thereby making sure the CCTV system is still fully operational. Most importantly, systems can keep the same high level of accuracy. Explosion of AI camera applications We can compare the explosion of AI camera applications to the way we experienced it for smartphone applications" “We can compare the explosion of AI camera applications to the way we experienced it for smartphone applications,” said Gerard Figols, adding “However, it doesn’t mean the hardware is not important anymore, as I believe it’s more important than ever. Working with poor picture quality or if the hardware is not reliable, and works 24/7, software cannot run or deliver the outcome it has been designed for.” As hardware specialists, Figols believes that Panasonic seeks to focus on what they do best - Building long-lasting, open network cameras, which are capable of capturing the highest quality images that are required for the latest AI applications, while software developers can concentrate on bringing specialist applications to the market. Same as for smartphones, AI applications will proliferate based on market demand and succeed or fail, based on the value that they deliver. Facial recognition, privacy protection and cross line technologies Panasonic has been in the forefront in developing essential AI applications for CCTV, such as facial recognition, privacy protection and cross line. However, with the market developing so rapidly and the potential applications of AI-driven camera systems being so varied and widespread, Panasonic quickly realised that the future of their network cameras was going to be in open systems, which allow specialist developers and their customers to use their sector expertise to develop their own applications for specific vertical market applications, while using i-PRO hardware. Metadata for detection and recognition Regarding privacy, consider that the use of AI in cameras is about generating metadata for the detection and recognition of patterns, rather than identifying individual identities. “However, there are legitimate privacy concerns, but I firmly believe that attitudes will change quickly when people see the incredible benefits that this technology can deliver,” said Gerard Figols, adding “I hope that we will be able to redefine our view of cameras and AI, not just as insurance, but as life advancing and enhancing.” i-PRO AI Privacy Guard One of the AI applications that Panasonic developed was i-PRO AI Privacy Guard Seeking to understand and appreciate privacy concerns, one of the AI applications that Panasonic developed was i-PRO AI Privacy Guard that generates data without capturing individual identities, following European privacy regulations that are among the strictest in the world. Gerard Fogils said, “The combination of artificial intelligence and the latest generation open camera technology will change the world’s perceptions from Big Brother to Big Benefits. New applications will emerge as the existing generation of cameras is updated to the new open and intelligent next generation devices, and the existing role of the security camera will also continue.” Future scope of AI and cameras He adds, “Not just relying on the security cameras for evidence when things have gone wrong, end users will increasingly be able to use AI and the cameras with much higher accuracy to prevent false alarms and in a proactive way to prevent incidents." Gerard Fogils concludes, “That could be monitoring and alerting when health and safety guidelines are being breached or spotting and flagging patterns of suspicious behaviour before incidents occur.”

What is the best lesson you ever learned from an end user?
What is the best lesson you ever learned from an end user?

Serving customer needs is the goal of most commerce in the physical security market. Understanding those needs requires communication and nuance, and there are sometimes surprises along the way. But in every surprising revelation – and in every customer interaction – there is opportunity to learn something valuable that can help to serve the next customer’s needs more effectively. We asked this week’s Expert Panel Roundtable: what was the best lesson you ever learned from a security end user customer?

What is the impact of remote working on security?
What is the impact of remote working on security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?