Trickbot still UAE’s top malware threat after Emotet shutdown

Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd, has published its latest Global Threat Index for February 2021, and the Trickbot trojan has continued to reign as the top malware, targeting 7% of UAE businesses for the second consecutive month.

xHelper, a malicious application seen in the wild since March 2019 and used for downloading other malicious apps and displaying advertisements, sees an increase in activity as it targets close to 6% of users in the UAE.

During February, Trickbot was being distributed via a malicious spam campaign designed to trick users in the legal and insurance sectors into downloading a .zip archive with a malicious JavaScript file to their PCs. Once this file is opened, it attempts to download a further malicious payload from a remote server.

Trickbot was the fourth most prevalent malware globally during 2020, impacting 8% of organisations. It played a key role in one of the highest-profile and most expensive cyberattacks of 2020, which hit Universal Health Services (UHS), a leading healthcare provider in the US. UHS was hit by Ryuk ransomware and stated the attack cost it US$67 million in lost revenues and costs. Trickbot was used by the attackers to detect and harvest data from UHS’ systems and then to deliver the ransomware payload.

“Trickbot is gaining popularity for its versatility and its track record of success in previous attacks,” said Ram Narayanan, Country Manager, Check Point Software Technologies Middle East. “The fact that this trojan has almost replaced the intensity at which Emotet targeted UAE businesses is proof that cyber criminals are relentless in their actions. The threat actors behind Trickbot target financial institutions using a wide array of modules not only to steal credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack. Businesses must focus on training and educating their employees in identifying malicious emails, so they can stop the trojan in its tracks and avoid exposing the entire network.”

Check Point Research also warned that ‘Web Server Exposed Git Repository Information Disclosure’ is the most commonly exploited vulnerability, impacting 48% of organisations globally, followed by ‘HTTP Headers Remote Code Execution (CVE-2020-13756)’, which impacts 46% of organisations worldwide.
