In Norway, the Hiddad malware had the greatest impact in January. As many as 11.74% of organizations were affected. Hiddad is an Android malware that can repackage apps and release information to third parties.
The Emotet trojan tops the global list in January as well, affecting 6% of organizations globally. Below is a report on malware in January. These are the Norwegian figures from Check Point.
Top 10 Norway

| Malware family name | Description | Global impact | National impact |
|---|---|---|---|
| Hiddad | Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS. | 2.65% | 11.74% |
| Trickbot | Trickbot is a modular Banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. | 3.67% | 2.15% |
| XMRig | First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency. | 3.23% | 1.96% |
| RigEK | Rig EK was first introduced in April 2014. It has since received several large updates and continues to be active to this day. In 2015, as a result of an internal feud between its operators, the source code was leaked and has been thoroughly investigated by researchers. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit. | 1.74% | 1.96% |
| Phorpiex | Phorpiex is a botnet (aka Trik) that has been active since 2010 and at its peak controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns as well as fueling large-scale spam and sextortion campaigns. | 3.92% | 1.76% |
| Arkei | Arkei is a Trojan stealer. Arkei steals confidential information, login credentials and wallet private keys. | 0.85% | 1.17% |
| Dridex | Dridex is a Banking Trojan that targets the Windows platform, observed delivered by spam campaigns and Exploit Kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control. | 3.28% | 1.17% |
| Emotet | Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan, and currently distributes other malware or malicious campaigns. Emotet uses multiple methods for maintaining persistence and evasion techniques to avoid detection and can be spread via phishing spam emails containing malicious attachments or links. | 6.38% | 1.17% |
| Formbook | First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. | 2.79% | 1.17% |
| Neshta | Neshta is a trojan which was first seen in the wild in 2010. Neshta makes modifications in the system registries and in the browser settings in order to install malicious toolbars or extensions. Neshta distributes itself by injecting its code into other executable files. | 0.36% | 0.98% |