Check Point Software Technologies, provider of cybersecurity solutions globally, has published its latest Global Threat Index for October 2022.

This month saw keylogger AgentTesla take first place as the most widespread malware, impacting 7% of organizations worldwide.

There was a significant increase in the number of attacks from the infostealer Lokibot, which reached the third spot for the first time in five months.

Also, a new vulnerability, Text4Shell, affecting the Apache Commons Text library, was disclosed.

Lokibot is a commodity infostealer that is designed to harvest credentials from a variety of applications including: web browsers, email clients and IT administration tools.

As a trojan, its goal is to sneak, undetected onto a system by masquerading as a legitimate program.

It can be distributed through phishing emails, malicious websites, SMS, and other messaging platforms. This rise in popularity can be explained by the increase in spam campaigns themed around online inquiries, orders, and payment confirmation messages.

October also saw disclosure of a new critical vulnerability, Text4Shell, (CVE-2022-42889).

Based on the Apache Commons Text’s functionality, this allows attacks over a network, without the need for any specific privileges or user interaction.

Text4shell is reminiscent of the Log4Shell vulnerability, which is still, one year on, one of the major threats.

Although Text4Shell did not make the list of top vulnerabilities exploited this month, it has already impacted over 8% of organizations worldwide and Check Point will continue to monitor its impact.

Maya Horowitz, VP Research at Check Point Software said: “We saw a lot of change in the rankings this month, with a new set of malware families making up the big three.

“It is interesting that Lokibot has climbed back to the third spot so quickly, which shows an increasing trend towards phishing attacks.

MORE UK SECURITY NEWS

“As we head into November, which is a busy buying period, it is important that people remain vigilant and keep an eye out for suspicious emails that could be carrying malicious code.

“Be aware of signs such as an unfamiliar sender, request for personal information and links.

“If in doubt, visit websites directly and find the appropriate contact information from verified sources, and make sure you have malware protection installed.”

CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” is the most common exploited vulnerability, impacting 43% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”, with an impact of 41%. October also saw Education/Research remain in first place as the most attacked industry globally.

Top Malware Families

AgentTesla was the most widespread malware this month impacting 7% of organizations worldwide, followed by SnakeKeylogger affecting 5% and Lokibot with an impact of 4%.

1. AgentTesla – AgentTesla is an advanced RAT functioning as a keylogger and information stealer. It is capable of monitoring and collecting the victim’s keyboard input, system keyboard, taking screenshots and exfiltrating credentials to a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook).
2. Snake Keylogger – Snake Keylogger is a modular .NET keylogger and credential stealer first spotted in November 2020. Its primary function is to record user’s keystrokes and transmit collected data to threat actors. It poses a major threat to a user’s online safety as this malware can steal all kinds of sensitive information and is particularly evasive.
3. Lokibot – Lokibot is an Info Stealer distributed mainly by phishing emails and is used to steal various data such as email credentials, as well as passwords to Crypto Coin wallets and FTP servers.

Top Attacked Industries Globally

In October, the Education/Research sector remained in first place as the most attacked industry globally, followed by Government/Military and Healthcare.

1. Education/Research
2. Government/Military
3. Healthcare