Emotet was the leading malware threat for the third month in a row, according to Check Point’s December 2019 Global Threat Index.

The malware was spread via a range of email messages including ‘Support Greta Thunberg – Time Person of the Year 2019’ and ‘Christmas Party!’

Within the email was an attached malicious Microsoft Word document. If the recipient opened it, it would repeatedly try to download Emotet. Emotet is primarily used as a distributor of ransomware or other malicious campaigns.

Check Point’s researchers also reported a sharp increase in exploits against the ‘Command Injection Over HTTP’ vulnerability, with 33% of global organizations being targeted. This vulnerability rose from being the fifth most exploited in November to the top position in December. If successfully exploited, the payload was a DDoS botnet: the malicious file used in the attack also contained a number of links to payloads exploiting vulnerabilities in several IoT devices from manufacturers including D-Link, Huawei and RealTek, with the aim of recruiting these devices into botnets, according to a Check Point press release.

“Over the past three months, the threats impacting most organizations have been versatile, multi-purpose malware like Emotet and xHelper,” Maya Horowitz, director, threat intelligence & research, products at Check Point, said in the release. “These give cyber-criminals multiple options for monetizing attacks, as they can be used for distributing ransomware or spreading further spam campaigns. The aim for criminals is to get a foothold in as many organizations and devices as possible, so that subsequent attacks can be more lucrative and damaging.”

December 2019’s Top 3 ‘Most Wanted’ Malware:

Emotet impacted 13% of organizations globally in December, up from 9% in November. XMRig and Trickbot each impacted 7% of organizations.

  • Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was formerly a banking Trojan.
  • XMRig – XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency.
  • Trickbot – Trickbot is a dominant banking Trojan that is frequently updated with new capabilities, features and distribution vectors. This makes it flexible and customizable malware so that it can be sent as part of multi-purposed campaigns.

SEE: Special report: Cyberwar and the future of cybersecurity (free PDF) (TechRepublic)

December’s Top 3 ‘Most Wanted’ Mobile Malware:

xHelper and Guerrilla remain the top two positions of the mobile malware index.

  • xHelper – A malicious Android application used for downloading other malicious apps and display advertisements. The application is capable of hiding itself from the user and mobile anti-virus programs, and reinstalls itself if the user uninstalls it.
  • Guerrilla – An Android Trojan found embedded in multiple legitimate apps which is capable of downloading additional malicious payloads. Guerrilla generates fraudulent ad revenue for the app developers.
  • Hiddad – Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also access key security details built into the OS

December’s ‘Most Exploited’ vulnerabilities:
The ‘Command Injection Over HTTP’ was the most common exploited vulnerability, with 33% of organizations around the world being impacted. Coming in second is the MVPower DVR Remote Code Execution vulnerability with 32% of organizations impacted, and the Web Server Exposed Git Repository Information Disclosure impacted 29% of organizations.

Also see