Revealed: Top 11 types of malware and ransomware you should worry about



The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have selected 11 malware families as the top threats.

The list consists of malware that has evolved over the past 10 years, such as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.

The agencies listed the top malware strains of the past year as Agent Tesla (information stealer), AZORult (information stealer), Formbook (information stealer), Ursnif (banking Trojan), LokiBot (credential-stealing Trojan), MOUSEISLAND (ransomware delivery), NanoCore (credential stealer), Qakbot (multipurpose Trojan), Remcos (remote access Trojan), TrickBot (Trojan / multipurpose ransomware delivery), and GootLoader (multi-payload malware platform).


The malware on the list is primarily used for financial gain rather than, for example, cyber espionage. “The most prevalent malware users of the most important strains of malware are cybercriminals, who use malware to deliver ransomware or facilitate the theft of personal and financial information,” CISA notes in its advisory.

Some, like TrickBot, started as a banking Trojan but have evolved into modular malware and have since become an access broker for ransomware groups, such as the notorious Conti gang, using its network of already compromised devices.

CISA also provides an overview of how the malware ecosystem operates and how industry players continue to fund, support, and improve their malware.

CISA notes that “many malware developers often operate from locations with few legal prohibitions against developing and spreading malware. Some developers even market their malware products as legitimate cybersecurity tools.”

The CISA advisory serves as a helpful resource, with links to official US government technical briefs on each strain of malware. For each strain, it includes a summary of its main capabilities, its activity history, its malware classification, and its delivery method.


TrickBot, at one time the largest botnet in the world, has been active since 2016, and in October 2020 it was targeted by Microsoft and its partners in a technical and legal takedown operation. That month, the US military's Cyber Command unit was also said to be running a campaign against TrickBot. CISA also warned that TrickBot was planning an attack on US healthcare institutions. Despite these efforts, CISA notes that TrickBot remains active as of July 2022.

“TrickBot malware is often used to form bot networks or enable initial access to Conti ransomware or Ryuk Banking trojan. Developed and operated by a sophisticated group of malicious cyber actors, TrickBot has evolved into a multi-stage, highly modular malware,” the advisory states.

“In 2020, cybercriminals used TrickBot to target the Healthcare and Public Health (HPH) sector and then launch ransomware attacks, hack data, or disrupt healthcare services. Based on information from reliable third parties, the TrickBot infrastructure is still active as of July 2022.”

CISA recommends that organizations patch all systems and prioritize patching known exploited vulnerabilities. It also recommends enforcing multi-factor authentication and securing Remote Desktop Protocol (RDP) services.

In April, CISA published its list of the top 15 routinely exploited vulnerabilities, which included the ProxyShell and ProxyLogon vulnerabilities in Exchange email servers, flaws in virtual private network (VPN) endpoints, and the Log4Shell flaw in Apache Log4j.
