In Check Point’s Global Threat Index for September 2023, significant shifts in the cybersecurity landscape were unveiled. Education and Research remained the most targeted industries during this period.
A large-scale phishing campaign in Colombia led to the surge of the Remcos Remote Access Trojan (RAT) and the rise of Formbook as the most prevalent malware after the FBI disrupted Qbot, a notorious malware that had infected 700,000 computers worldwide. Despite the disruption, the cybercriminals behind Qbot continued their activities by distributing a new malware called Ransom Knight.
The Remcos RAT gained prominence as the second most prevalent malware in September, following a phishing campaign that targeted over 40 prominent Colombian businesses.
Remcos is a sophisticated Remote Access Trojan that grants attackers complete control over infected systems, posing severe threats such as data theft, further malware infections, and account takeovers. Check Point’s VP of Research, Maya Horowitz, emphasized the importance of cyber resilience to counter such invasive evasion techniques employed by attackers.
Formbook, an Infostealer designed for Windows OS, took the top spot in the global malware rankings with a 3% impact on organizations worldwide. Known for its potent evasion techniques and relatively low cost in underground hacking forums, Formbook can harvest credentials, capture screenshots, log keystrokes, and execute files on an attacker’s command. This shift marked the end of Qbot’s long-standing reign as the most prevalent malware, even though the group behind Qbot remained active, distributing new malware.
The report also highlighted the top attacked industries, with Education/Research being the primary target, followed by Communications and Government/Military sectors. Additionally, exploited vulnerabilities included “Web Servers Malicious URL Directory Traversal,” affecting 47% of organizations globally. As cybersecurity threats evolve, organizations are urged to remain vigilant and implement robust security measures to counter the ever-present dangers of malware and vulnerabilities.