Check Point 6月網絡威脅指數
網絡安全威脅使很多人對網上交易望而卻步。網絡安全解決方案供應商Check Point軟件技術有限公司的威脅情報部門Check Point Research(CPR)發佈了6月最新版《全球威脅指數》報告。報告稱,在 5 月底FluBot遭到打擊後,出現了一種名為MaliBot的全新Android銀行惡意軟件。
惡意軟件MaliBot瞄準流動銀行
儘管只是剛剛被發現,但銀行惡意軟件MaliBot已在最猖獗的流動惡意軟件排行榜中位居第三。MaliBot偽裝成不同名稱的加密貨幣挖礦應用程式,並瞄準流動銀行使用者竊取財務資訊。MaliBot類似於FluBot,使用網絡釣魚短訊(短訊詐騙)誘騙受害者點擊惡意連結,再將他們重新定向至下載包含惡意軟件的虛假應用程式。
本月令惡意軟件盛行的另一關鍵事件是Amazon一年一度的購物狂歡節Amazon Prime Day。在7月初,CPR已經觀察到每日與Amazon有關的釣魚攻擊比6月的每日平均數增加37%。2021年6月在Amazon Prime Day期間,CPR目睹了與此相關的釣魚電郵增加了86%,與上個月相比,釣魚連結增加了16%。7月,有近1,900個與 「Amazon」一詞有關的新網域,當中9.5%被發現是有惡意或者可疑的風險。釣魚電郵是最常見的網絡攻擊類型之一,因為有效且易於執行。
同樣在本月,Emotet仍是總體上最猖獗的惡意軟件。自上個月位列排行榜第八以來,Snake鍵盤記錄器愈加活躍,隨即上升至第三位。Snake的主要功能是記錄使用者的擊鍵次數並將收集到的數據傳送給攻擊者。儘管在5月,CPR發現了Snake鍵盤記錄器通過PDF檔散播,但最近它一直通過包含Word附件(標記為報價請求)的電郵進行傳播。此外,研究人員還在6月報告了Emotet 的新變體。該變體具有信用卡竊取功能,並將攻擊矛頭指向Chrome瀏覽器用戶。
Check Point香港及澳門總經理周秀雲表示:「很高興看到執法部門成功打擊了FluBot這樣的惡意軟件及其背後的犯罪組織,但遺憾的是沒過多久,一種新的手機惡意軟件便取而代之。網絡犯罪分子非常清楚流動裝置在許多人的生活中發揮著核心作用,因此一直在根據他們的行為方式調整並改進其策略。威脅態勢正快速演變,手機惡意軟件對個人和企業安全均構成重大威脅。部署強大的流動威脅防禦解決方案變得空前重要。」
CPR還指出,「Apache Log4j遙距代碼執行」是最常被利用的漏洞,全球43%的機構因此遭殃,緊隨其後的是資訊洩露漏洞「Web Server Exposed Git Repository Information Disclosure」,全球影響範圍為42.3%。「Web伺服器惡意URL目錄遍歷漏洞」位居第三,全球影響範圍為42.1%。
香港6月份主要惡意軟件
以下列表提供香港6月份的主要威脅,以及香港排名前11的惡意軟件名單。
- 本月,Emotet仍是第一大惡意軟件,全球14%的機構因此遭殃,其次是Formbook和 Snake鍵盤記錄器,兩者均影響了全球4.4%的機構。
- 本月,教育/研究行業仍是全球首要攻擊目標,其次是政府/軍事部門和醫療行業。
- 本月,「Apache Log4j遙距代碼執行」是最常被利用的漏洞,全球43%的機構受到波及,緊隨其後的是資訊洩露漏洞「Web Server Exposed Git Repository Information Disclosure」,全球影響範圍為42.3%。「Web伺服器惡意URL目錄遍歷漏洞」位居第三,全球影響範圍為42.1%。
- AlienBot是本月最猖獗的手機惡意軟件,其次是Anubis和MaliBot。
香港6月份主要惡意軟件
| 惡意軟件 | 簡 介 | 影響全球機構百分比 | 影響香港機構百分比 |
| Emotet | Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan, and currently distributes other malware or malicious campaigns. Emotet uses multiple methods for maintaining persistence and evasion techniques to avoid detection and can be spread via phishing spam emails containing malicious attachments or links. | 14.12% | 14.99% |
| AgentTesla | AgentTesla is an advanced RAT which functions as a keylogger and password stealer and has been active since 2014. AgentTesla can monitor and collect the victim’s keyboard input and system clipboard, and can record screenshots and exfiltrate credentials for a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). AgentTesla is sold on various online markets and hacking forums. | 2.84% | 10.06% |
| Formbook | FormBook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. | 4.38% | 4.93% |
| Fujacks | Fujacks is a Worm that is capable of infecting other machines via Internet downloads, Instant Messaging software, or removable drives such as USB keys. | 0.55% | 3.00% |
| Lamer | Lamer is a Trojan malware, it enters and penetrates your PC’s defenses for malicious purposes such as stealing information while it remains unnoticed. Lamer spreads via malicious email spam or via a set of infection tools. | 0.36% | 2.36% |
| Ramnit | Ramnit is a modular banking Trojan first discovered in 2010. Ramnit steals web session information, giving its operators the ability to steal account credentials for all services used by the victim, including bank accounts, and corporate and social networks accounts. The Trojan uses both hardcoded domains as well as domains generated by a DGA (Domain Generation Algorithm) to contact the C&C server and download additional modules. | 1.88% | 2.36% |
| XMRig | XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims’ devices. | 2.52% | 1.71% |
| NJRat | NJRat is a remote accesses Trojan, targeting mainly government agencies and organizations in the Middle East. The Trojan has first emerged on 2012 and has multiple capabilities: capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop. NJRat infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software. | 1.53% | 1.28% |
| Mirai | Mirai is an infamous Internet-of-Things (IoT) malware that tracks vulnerable IoT devices, such as web cameras, modems and routers, and turns them into bots. The botnet is used by its operators to conduct massive Distributed Denial of Service (DDoS) attacks. The Mirai botnet first surfaced in September 2016 and quickly made headlines due to some large-scale attacks including a massive DDoS attack used to knock the entire country of Liberia offline, and a DDoS attack against the Internet infrastructure firm Dyn, which provides a significant portion of the United States internet’s infrastructure. | 0.88% | 1.07% |
| Vidar | Vidar is an infostealer that targets Windows operating systems. First detected at the end of 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar is sold on various online forums and used as a malware dropper to download GandCrab ransomware as its secondary payload. | 0.96% | 0.86% |
| AutoRun | AutoRun is a Worm that targets the Windows platform. This malware spreads copies of itself throughout the drives of infected systems. It attempts to spread itself through removable drives. Additionally, it may spread itself through various popular messenger applications using multiple different message contents. | 0.26% | 0.86% |