Check Point Research, the research department of Check Point Software Technologies Ltd., has published its latest World Threat List for August 2019. The research team is warning organizations about Echobot, a new variant of the Mirai IoT Botnet, which has launched widespread attacks against a number of IoT devices.
Echobot, which first appeared in May 2019, has exploited more than 50 different vulnerabilities and is the reason for the sharp rise in exploitation of the “Command Injection Over HTTP” vulnerability, which has affected 34% of organizations worldwide.
During August, two months after its shutdown, re-activation of the Emotet botnet was also observed. Emotet was the largest botnet operator in the first half of 2019. Although there have not yet been significant attacks using this specific malware, it may soon be used in spam campaigns.
"The sharp increase in incidents is a highlight, as Echobot was first introduced in mid-May as a new variant of the infamous Mirai IoT Botnet, and now targets more than 50 different vulnerabilities. Echobot has affected 34% of companies worldwide, proving that network updates, software and IoT devices are vital for organizations," said Maya Horowitz, Director of Check Point Information and Threat Research.
Check Point's 3 most prevalent malware threats in August 2019:
* The arrows indicate the change in rank relative to the previous month.
XMRig continues to be at the top of the list, followed by Jsecoin. The two malware families affected 7% of organizations worldwide, while Dorkbot came in third, affecting 6% of organizations worldwide.
- ↔ XMRig - XMRig is open source CPU mining software used to mine the Monero cryptocurrency. It was first launched in May 2017.
- ↔ Jsecoin - JavaScript mining software that can be embedded in websites. With JSEcoin, you can run the mining software directly on your browser in exchange for an ad-free browsing experience, game currencies and other incentives.
- ↔ Dorkbot - IRC-based worm designed to allow remote code execution by its operator, as well as the download of additional malware onto the infected system, with the main purpose of intercepting sensitive information and performing denial-of-service attacks.
3 most prevalent mobile malware threats in August 2019:
During August, Lotoor was the most widespread malware on mobile, followed by AndroidBauts and Triada.
- Lotoor - A hacker tool that exploits vulnerabilities in the Android operating system to gain full root access to compromised mobile devices.
- AndroidBauts - Adware targeting Android users. The software exfiltrates IMEI, IMSI, GPS location and other device information and allows third party applications to be installed on the device.
- Triada - Modular backdoor for Android that grants super user rights to malware that has been downloaded, helping it integrate into system processes. Triada has also been observed spoofing URLs loaded into the browser.
3 'most frequently exploited' vulnerabilities in August 2019
In August, SQL Injection techniques continued to top the list, followed by the OpenSSL TLS DTLS Heartbeat Information Disclosure vulnerability. Exploitation of these techniques and of the aforementioned vulnerability affected 39% of organizations worldwide. In third place was the MVPower DVR Remote Code Execution vulnerability, with an impact on 38% of organizations worldwide.
- ↔ SQL Injection (various techniques) - Inserting a SQL query into the data the client provides to an application, thus exploiting a vulnerability in the code of that application.
- ↔ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability that exists in OpenSSL. The vulnerability is due to an error when handling TLS / DTLS heartbeat packets. An attacker could exploit this vulnerability to reveal the memory contents of a connected client or server.
- ↔ MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this flaw and execute arbitrary code on the affected router via a crafted request.
* The complete list of the 10 most common malware threats worldwide can be found here.
Check Point's Threat Prevention Resources are available on the site:
http://www.checkpoint.com/threat-prevention-resources/index.html