October 2020’s Most Wanted Malware: Trickbot And Emotet Trojans Are Driving Spike In Ransomware Attacks
Check Point Research reports that Trickbot and Emotet top the Global Threat Index, and are being used for distributing ransomware against hospitals and healthcare providers globally.
Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for October 2020. Researchers reported that the Trickbot and Emotet trojans continue to rank as the top two most prevalent malware in October, and that the trojans have been responsible for the sharp increase in ransomware attacks against hospitals and healthcare providers globally.
The FBI and other U.S. government agencies recently issued a warning about ransomware attacks targeting the healthcare sector, warning that the estimated one million-plus Trickbot infections worldwide are being used to download and spread file-encrypting ransomware such as Ryuk. Ryuk is also distributed via the Emotet trojan, which remains in 1st place in the Top Malware Index for the fourth month in succession.
Check Point threat intelligence data showed that the healthcare sector was the most targeted by ransomware in the U.S. in October, with attacks increasing by 71% compared with September 2020. Similarly, ransomware attacks against healthcare organizations and hospitals in October increased by 36% in EMEA and 33% in APAC.
“We’ve seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organizations scrambled to support remote workforces. These have surged alarmingly over the past three months, especially against the healthcare sector, and are driven by pre-existing Trickbot and Emotet infections. We strongly urge healthcare organizations everywhere to be extra vigilant about this risk, and scan for these infections before they can cause real damage by being the gateway to a ransomware attack,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.
The research team also warns that “MVPower DVR Remote Code Execution” is the most common exploited vulnerability, impacting 43% of organizations globally, followed by “Dasan GPON Router Authentication Bypass” and “HTTP Headers Remote Code Execution (CVE-2020-13756)” with both impacting 42% of organizations globally.
Read More : The Art of Persuasion in a COVID-19 World