A recent report by Check Point researchers lists the most widespread malware and the most exploited vulnerabilities. The rankings, which are also compared with the September rankings, show the ups and downs in malware activity.

The report

According to the latest Global Threat Index, a set of three malware families (all info-stealers) accounted for nearly a fifth (16%) of global detections.
  • At the top of the list is AgentTesla, an advanced RAT that impacted 7% of organizations.
  • SnakeKeylogger, a modular .NET keylogger and credential stealer, took second place, impacting 5% of organizations.
  • Third on the list is Lokibot, accounting for 4% of the attacks. This info-stealer is distributed mainly by phishing emails and is used to steal credentials and password data from emails, cryptocurrency wallets, and FTP servers.

Vulnerability rankings

The report further details the top vulnerabilities exploited by cybercriminals during the reporting period.
  • The most commonly exploited vulnerability in October was Web Server Exposed Git Repository Information Disclosure, with an impact on 43% of organizations globally.
  • Second on the list is Apache Log4j Remote Code Execution (CVE-2021-44228), with an impact of 41%, and third is the group of HTTP Headers Remote Code Execution bugs (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756), with a global impact of 39%.
  • A new critical vulnerability dubbed Text4Shell (CVE-2022-42889) is reminiscent of the Log4Shell vulnerability: it allows attacks over a network without the need for any specific privileges or user interaction. Although it did not make it into the list of top vulnerabilities exploited in October, it has already impacted over 8% of organizations worldwide.

Additional insights

  • Education/research remained the most attacked sector worldwide, followed by government/military and healthcare.
  • The most prevalent mobile malware families are Anubis, Hydra, and Joker.
  • The report further indicates that while the info-stealing malware IcedID has risen to fourth position, other prolific malware families such as XMRig (now 5th), Emotet (6th), Formbook (7th), Ramnit (8th), and Vidar (9th) have slipped down from their previous rankings. Remcos remained in the last spot of the top 10 list.

Conclusion

Organizations can improve their cybersecurity posture based on known adversary TTPs and the top exploited vulnerabilities. Amid the rise of info-stealing malware and phishing attacks, users should stay vigilant and aware of these threats. Simple practices such as taking regular backups, using antivirus programs, and following other cyber hygiene measures will go a long way toward avoiding cyberattacks.
Cyware Publisher