Dubai, UAE. – Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for February 2021. Researchers reported that the Trickbot trojan

continues to reign as the top malware targeting 7 percent of UAE businesses for the second consecutive month. xHelper, a malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisement, sees an increase in activity as it targets to close to 6 percent of users in the UAE.

During February, Trickbot was being distributed via a malicious spam campaign designed to trick users in the legal and insurance sectors into downloading a .zip archive with a malicious JavaScript file to their PCs. Once this file is opened, it attempts to download a further malicious payload from a remote server.

Trickbot was the 4th most prevalent malware globally during 2020, impacting 8% of organizations.  It played a key role in one of the highest-profile and expensive cyberattacks of 2020, which hit Universal Health Services (UHS), a leading healthcare provider in the U.S. UHS was hit by Ryuk ransomware, and stated the attack cost it $67 million in lost revenues and costs. Trickbot was used by the attackers to detect and harvest data from UHS’ systems, and then to deliver the ransomware payload. 

“Trickbot is gaining popularity for its versatility and its track record of success in previous attacks,” said Ram Narayanan, Country Manager, Check Point Software Technologies Middle East. “The fact that this trojan has almost replaced the intensity at which Emotet targeted UAE businesses is proof that cyber criminals are relentless in their actions. The threat actors behind Trickbot target financial institutions using a wide array of modules not only to steal credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. Businesses must focus on training and educating its employees in identifying malicious emails, so they can stop the trojan in its tracks and avoid exposing the entire networks.”

Check Point Research also warns that “Web Server Exposed Git Repository Information Disclosure” is the most common exploited vulnerability, impacting 48% of organizations globally, followed by “HTTP Headers Remote Code Execution (CVE-2020-13756)” which impact 46% of organizations worldwide. “MVPower DVR Remote Code Execution” is third place in the top exploited vulnerabilities list, with a global impact of 45%.

Top malware families

*The arrows relate to the change in rank compared to the previous month

Trickbot ranks as most popular malware impacting 7 percent of organizations in the UAE, closely followed by xHelper and Floxif which also impacted close to 6 per cent and 3 per cent of organizations in the UAE respectively.

  • Trickbot - Trickbot is a dominant botnet and banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.
  • ↑ xHelper - A malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisement. The application is capable of hiding itself from the user, and reinstall itself in case it was uninstalled.
  • ↑ Floxif - Floxif is an info stealer and backdoor, designed for Windows OS. It was used in 2017 as part of a large scale campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleanup utility) thus infecting more than 2 million users, amongst them large tech companies such as Google, Microsoft, Cisco, and Intel.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily, and identifies more than 250 million malware activities every day.

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.