DUBAI, UAE: Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for December 2021. In a month that saw the Apache Log4j vulnerability sweep the internet, researchers reported that Trickbot is still the most prevalent malware in the UAE, affecting 8% of organizations in December 2021 as compared to 7% in November 2021. The recently resurgent Emotet has swiftly risen from eighth position to second as it targets nearly 3% of the organisations in the UAE with close to 2% in November 2021. CPR also reveals that the most attacked industry continues to be Education/Research.
This month “Apache Log4j Remote Code Execution” is the most exploited vulnerability, affecting 48.3% of organizations globally. The vulnerability was first reported on December 9th in the Apache logging package Log4j – the most popular Java logging library used in many Internet services and apps with over 400,000 downloads from its GitHub project. The vulnerability caused a new plague, impacting almost half of all companies worldwide in a very short space of time. Attackers are able to exploit vulnerable apps to execute cryptojackers and other malware on compromised servers. Until now, most of the attacks have focused on the use of cryptocurrency mining at the expense of the victims however, advanced attackers have started to act aggressively and take advantage of the breach on high-quality targets.
“The security landscape is becoming more complex and strenuous to determine. We recently witnessed Log4j, one of the most serious vulnerabilities we have ever encountered, and due to the complexity in patching it and its easiness to exploit, it is likely to stay with us for many years to come unless companies take immediate action to prevent attacks,” said Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East. “This month we have also seen the Emotet botnet move from the eighth most prevalent malware in the UAE to the second. As assumed, it did not take much time for Emotet to build a strong foundation since it reappeared in November. It is evasive and is spreading fast via phishing emails with malicious attachments or links. According to Check Point Software’s latest threat intelligence report, 84% of the malicious files in United Arab Emirates were delivered via email in the last 30 days. It is now more important than ever to have a robust email security solution in place and to ensure that users know how to identify suspicious looking messages or attachments.”
CPR revealed this month that Education/Research is the most attacked industry globally, followed by Government/Military and ISP/MSP. “Apache Log4j Remote Code Execution” is the most commonly exploited vulnerability, impacting 48.3% of organizations globally, followed by “Web Server Exposed Git Repository Information Disclosure” which affects 43.8% of organizations worldwide. “HTTP Headers Remote Code Execution” remains in third place in the top exploited vulnerabilities list, with a global impact of 41.5%.
Top malware families
*The arrows relate to the change in rank compared to the previous month.
This month, Trickbot is the most popular malware impacting almost 8% of organizations in the UAE, followed by Emotet with close to 3% and Formbook with an impact of 2%.
- ↑ Trickbot - Trickbot is a modular Botnet and Banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
- ↑ Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet once used as a banking Trojan but recently is used as a distributer to other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can spread through phishing spam emails containing malicious attachments or links.
- ↓ Formbook - Formbook is an InfoStealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C orders.
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, The Intelligence & Research Arm of Check Point Software Technologies.
The complete list of the top 10 malware families in December can be found on the Check Point blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to corporate enterprises and governments globally. Check Point Infinity´s portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacenters, all controlled by the industry’s most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.
© Press Release 2022
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
