February sees huge jump in exploits designed to spread Mirai botnet

The Mirai botnet is known for targeting Internet of Things devices and conducting massive DDoS attacks, as described by cyberthreat researcher Check Point Research.

Security professionals always have to be on their toes as the threat landscape can easily and quickly change, even from one month to the next. A look at the top cyber threats for February by Check Point Research highlights the latest developments in popular malware strains and vulnerabilities.


In its Global Threat Index for February 2020, Check Point reported a significant increase in malware designed to exploit certain vulnerabilities to spread the Mirai botnet. Infamous for a huge cyberattack in 2016 that took down several major websites, Mirai has a nasty habit of infecting Internet of Things devices and launching large distributed denial-of-service (DDoS) attacks.

The specific vulnerability Check Point observed Mirai exploiting is the one it calls "PHP php-cgi Query String Parameter Code Execution." Ranked sixth among the top exploited vulnerabilities in February, it affected 20% of organizations around the world, up from just 2% in January.

Another notorious threat, Emotet, was ranked the second most common malware last month and remains the largest botnet currently in operation. In February, Emotet was caught spreading via two new vectors. The first was an SMS phishing campaign aimed at potential victims in the US: cybercriminals spoof SMS messages from popular banks to coax people into clicking a malicious link, which then downloads Emotet to their device. In the second, the malware looks for nearby Wi-Fi networks and attempts to gain access to them through brute-force attacks using common passwords.


Among other top malware families, XMRig jumped to first place on Check Point's list in February, affecting 7% of organizations worldwide. First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency.

Following Emotet, Jsecoin took third place on the list. Jsecoin is a web-based cryptominer designed to mine Monero cryptocurrency in the browser. Running as JavaScript, it consumes a machine's computational resources to mine coins, degrading system performance.

Among the top exploited vulnerabilities, the one known as MVPower DVR Remote Code Execution came in first, according to Check Point. Through this flaw, an attacker can execute code on an affected router via a crafted request. In second place was a vulnerability called OpenSSL TLS DTLS Heartbeat Information Disclosure, through which an attacker can read the memory contents of an affected client or server PC.

"As we saw in January, the most impactful threats and exploits during February were versatile malware such as XMRig and Emotet," Maya Horowitz, director of Threat Intelligence & Research for Products at Check Point, said in a press release. "Criminals seem to be aiming to build the largest possible networks of infected devices, which they can then exploit and monetize in a range of different ways, from ransomware delivery to launching DDoS attacks.

"As the main infection vectors are emails and SMS messages, organizations should ensure their employees are educated about how to identify different types of malicious spam, and deploy security that actively prevents these threats from infecting their networks."
