ChannelLife Australia

Top 10 malware impacting Australians - Check Point

By Shannon Williams
Mon 14 Mar 2022

Emotet, Formbook and Trickbot have remained the top three malwares affecting Australians in the month of February, according to new research.

Check Point Research, the threat intelligence arm of Check Point Software, has published its latest Global Threat Index for February 2022.

In February the top three malware families, Emotet, Formbook and Trickbot, remained in the same positions, the report found. CPR is currently seeing a number of malware families, including Emotet, take advantage of public interest in the Russia-Ukraine conflict by creating email campaigns on the topic that lure people into downloading malicious attachments.

CPR says that Emotet has indeed been spreading this way, with emails that carry malicious files under the subject line "Recall: Ukraine -Russia Military conflict: Welfare of our Ukrainian Crew member".

Top 10 malware impacting Australia for February (each percentage is the share of Australian cyber incident cases impacted by that specific malware):

Emotet, 2.69%
Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan and currently distributes other malware or malicious campaigns. Emotet uses multiple methods for maintaining persistence and evasion techniques to avoid detection, and can be spread via phishing spam emails containing malicious attachments or links.

Formbook, 2.13%
FormBook is an infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.

Trickbot, 1.12%
Trickbot is a modular banking Trojan attributed to the WizardSpider cybercrime gang, mostly delivered via spam campaigns or other malware families such as Emotet and BazarLoader. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules, including a VNC module for remote control and an SMB module for spreading within a compromised network. Once a machine is infected, the threat actors behind this malware use this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.

Ryuk, 1.12%
Ryuk is a ransomware used by the TrickBot gang in targeted and well-planned attacks against several organisations worldwide. The ransomware was originally derived from the Hermes ransomware, whose technical capabilities are relatively low, and includes a basic dropper and a straightforward encryption scheme. Nevertheless, Ryuk was able to cause severe damage to targeted organisations, forcing them to pay extremely high ransoms in Bitcoin. Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively in tailored attacks.

SnakeKeylogger, 0.90%
Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020; its primary functionality is to record users' keystrokes and transmit the collected data to the threat actors. Snake infections pose a major threat to users' privacy and online safety, as the malware can steal virtually all kinds of sensitive information and is a particularly evasive and persistent keylogger.

Vidar, 0.78%
Vidar is an infostealer that targets Windows operating systems. First detected at the end of 2018, it is designed to steal passwords, credit card data and other sensitive information from various web browsers and digital wallets. Vidar is sold on various online forums and used as a malware dropper to download GandCrab ransomware as its secondary payload.

FluBot, 0.78%
FluBot is an Android malware distributed via phishing SMS messages (smishing), most often impersonating logistics delivery brands. Once the user clicks the link inside the message, they are redirected to the download of a fake application containing FluBot. Once installed, the malware has various capabilities to harvest credentials and support the smishing operation itself, including uploading the contacts list and sending SMS messages to other phone numbers.

RigEK, 0.67%
The oldest and best known of the currently operating exploit kits, RigEK has been around since mid-2014. Its services are offered for sale on hacking forums and the Tor network. Some entrepreneurs even re-sell low-volume infections to those malware developers not yet big enough to afford the full-fledged service. RigEK has evolved over the years to deliver anything from AZORult and Dridex to little-known ransomware and cryptominers.

Tofsee, 0.67%
Tofsee is a trickler that targets the Windows platform. This malware attempts to download and execute additional malicious files on target systems. It may download and display an image file to the user in an effort to hide its true purpose.

Yakes, 0.56%
Yakes is a trickler that targets the Windows platform. This malware creates a new svchost process and injects malicious code into it. The malicious code is responsible for contacting a remote server, expecting to receive base64-encoded data. This data represents a URL from which to download malware onto the infected system.

Banload, 0.56%
Banload is a downloader Trojan that downloads unwanted files from remote servers onto the victim's machine.

Malware families Vidar and FluBot were tied in 6th place, RigEK and Tofsee were tied in 8th place, and Yakes and Banload were tied in 10th place.
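The Yakes entry above describes a downloader that parks its code in a freshly created svchost process and expects a base64-encoded download URL back from its server. As an added example that is not from the article or from Check Point, the Python below shows the defender's side of both behaviours: it flags svchost.exe starts that do not look like the service host services.exe launches, and it decodes a base64 response to see whether it carries an http(s) URL. The Sysmon-style event lines, their key=value layout and the C2 response are all constructed for this example.

```python
import base64
import binascii
import re

# Constructed Sysmon-style (Event ID 1) process-creation events, flattened to
# key=value pairs. Illustrative values only, not real telemetry.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\System32\svchost.exe ParentImage=C:\Windows\System32\services.exe CommandLine=svchost.exe -k netsvcs -p",
    r"Image=C:\Windows\System32\svchost.exe ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe CommandLine=svchost.exe",
    r"Image=C:\Windows\System32\notepad.exe ParentImage=C:\Windows\explorer.exe CommandLine=notepad.exe",
    r"Image=C:\Windows\Temp\svchost.exe ParentImage=C:\Windows\System32\services.exe CommandLine=svchost.exe -k foo",
]
# Constructed stand-in for the base64 blob a Yakes-style downloader expects from its server.
SAMPLE_C2_RESPONSE = base64.b64encode(b"http://example.test/stage2.bin").decode()

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def parse_event(line):
    # Turn one flattened key=value line into a dict.
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}


def suspicious_svchost(event):
    # Reasons an svchost.exe start looks unlike the Windows service host that
    # services.exe launches; an empty list means nothing stood out.
    image = event.get("Image", "").lower()
    if not image.endswith(r"\svchost.exe"):
        return []
    reasons = []
    if not any(image.startswith(d + "\\") for d in LEGIT_SVCHOST_DIRS):
        reasons.append("svchost.exe outside System32/SysWOW64")
    if not event.get("ParentImage", "").lower().endswith(r"\services.exe"):
        reasons.append("parent is not services.exe")
    if " -k " not in f" {event.get('CommandLine', '').lower()} ":
        reasons.append("no -k service group argument")
    return reasons


def decoded_download_url(payload):
    # Decode a base64 blob and return the http(s) URL it carries, else None.
    try:
        text = base64.b64decode(payload, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if re.fullmatch(r"https?://\S+", text) else None
```

The parent-process and -k checks are heuristics; baseline them against the fleet's own svchost launches before turning them into alerts.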
