
Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd., a provider of cybersecurity solutions globally, has published its latest Global Threat Index for July 2021.

Researchers report that while Trickbot is still the most prevalent malware, Snake Keylogger, which was first detected in November 2020, has surged into second place following an intense phishing campaign.

Keylogger and credential stealer

Snake Keylogger is a modular .NET keylogger and credential stealer. Its primary function is to record users’ keystrokes on computers or mobile devices and transmit the collected data to threat actors. In recent weeks, Snake has been growing fast via phishing emails with different themes across all countries and business sectors. 

Snake infections pose a major threat to users' privacy and online safety, as the malware can steal virtually all kinds of sensitive information, and it is a particularly evasive and persistent keylogger. The Snake Keylogger is currently available for purchase on underground hacking forums, at prices ranging from 25 to 500 dollars depending on the level of service offered.

Keylogger attacks can be particularly dangerous because individuals tend to use the same password and username for different accounts, and once one login credential is breached, the cybercriminal gains access to all the accounts that share that password. To prevent this, it is essential to use a unique password for each account. A password manager can be used for this, as it both manages and generates different, robust credentials for each service, based on the guidelines decided upon.

Choosing unique passwords

“Where possible, users should reduce the reliance on passwords alone, for example by implementing Multi-Factor Authentication (MFA) or Single-Sign-On (SSO) technologies,” said Maya Horowitz, VP Research at Check Point Software.

“Also, when it comes to password policies, choosing a strong, unique password for each service is the best advice, then even if the bad guys do get hold of one of your passwords, it won’t immediately grant them access to multiple sites and services. Keyloggers such as Snake are often distributed via phishing emails so users must know to look out for small discrepancies such as misspellings in links and email addresses, and be educated to never click on suspicious links or open any unfamiliar attachments.”

CPR also revealed this month that “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, impacting 45% of organizations globally, followed by “HTTP Headers Remote Code Execution” which affects 44% of organizations worldwide. “MVPower DVR Remote Code Execution” takes third place in the top exploited vulnerabilities list, with a global impact of 42%.

Top malware families

This month, Trickbot is the most popular malware, impacting 4% of organizations globally, followed by Snake Keylogger and XMRig, each with a global impact of 3%.

  • Trickbot - Trickbot is a modular Botnet and Banking Trojan constantly being updated with new capabilities, features, and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
  • Snake Keylogger - Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020; its primary function is to record users’ keystrokes and transmit collected data to threat actors.
  • XMRig - XMRig is open-source CPU mining software used for the mining process of the Monero cryptocurrency, and was first seen in the wild in May 2017.

Top exploited vulnerabilities

In July, “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, impacting 45% of organizations globally, followed by “HTTP Headers Remote Code Execution”, which affects 44% of organizations worldwide. “MVPower DVR Remote Code Execution” is in third place in the top exploited vulnerabilities list, with a global impact of 42%.

  • Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
  • HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) - HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.
  • MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.

Top Cellphone malware

In July, xHelper takes first place in the most prevalent mobile malware, followed by AlienBot and Hiddad.

  • xHelper - A malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying advertisements. The application is capable of hiding itself from the user and can even reinstall itself if it was uninstalled.
  • AlienBot - AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their device.
  • Hiddad - Hiddad is an Android malware that repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.
