Check Point Research’s Global Threat Index for October 2023 reveals several trends with far-reaching impact across industries. Notable findings include the rise of the NJRat Remote Access Trojan (RAT), a new mal-spam campaign involving AgentTesla, and vulnerabilities that were widely exploited.
Trend 1: NJRat climbs to second place
NJRat, a RAT primarily targeting government agencies and organizations in the Middle East, jumped four places to the second spot in the malware rankings. This highlights the persistent threat to sensitive government data and organizational security.
Trend 2: AgentTesla Mal-Spam campaign
A new mal-spam campaign featuring AgentTesla, the sixth most used malware, was discovered. The malware was distributed via corrupted file attachments in email. AgentTesla’s capabilities include keylogging, clipboard data capture, file system access, and data exfiltration to a Command and Control server. Because it impersonates legitimate shipping-related emails, the campaign poses a threat to businesses during a busy shopping season.
Trend 3: Vulnerability exploitation
Vulnerabilities continue to be exploited extensively, putting organizations at risk. The “Zyxel ZyWALL Command Injection (CVE-2023-28771)” vulnerability was the most exploited, affecting 42% of organizations globally. The “Command Injection Over HTTP” vulnerability also posed significant risks, impacting 42% of organizations worldwide. “Web Servers Malicious URL Directory Traversal” vulnerabilities were third on the list, with a global impact of 42%. These figures highlight the importance of promptly patching and updating systems to mitigate the risk of exploitation.
Trend 4: Mobile malware threats
In the mobile sphere, Anubis, a versatile Android malware, retained its position as the most prevalent mobile malware. This banking Trojan has evolved to include RAT functionality, keyloggers, audio recording, and ransomware features. AhMyth and Hiddad followed as the next most prevalent mobile threats. These threats can compromise personal data, sensitive information, and access to devices, posing risks to individuals and businesses alike.
Top industries affected
The Education/Research sector remained the most attacked industry, followed by Communications and Government/Military. These industries are primary targets for cybercriminals, given the wealth of valuable data they hold. Heightened security measures and threat awareness are essential for organizations in these sectors.