Check Point 10月份網絡威脅指數以及2021年網絡安全預測
10月份網絡威脅指數 – 香港/全球
研究人員發現,Trickbot 和 Emotet 木馬在 10 月份仍然是最猖獗的兩大惡意軟件,是全球各地醫院和醫療服務提供者勒索軟件攻擊急劇增加的罪魁禍首。
Check Point 威脅情報數據顯示,在10月份,醫療行業是美國地區勒索軟件攻擊的最大目標,攻擊數量比2020年9月增加了71%。歐非中東和亞太地區也是如此,醫療組織和醫院遭到的勒索軟件攻擊分別增長了 36% 和 33%。
你可以在下列表中查看香港10月份首 10名惡意軟件。你亦可按此瀏覽全球首10 個惡意軟件排名。
2021年網絡安全預測
同時,Check Point 亦發布了有關2021年網絡安全預測,敦促世界各地的組織需保護自己免受不斷演變的網絡攻擊,以應對專家稱之為「下一個常態」的新階段。
81% 的企業為員工採用大規模遙距工作,74% 的企業計劃永久實行遠端工作,因此,各地的組織都預計面臨與冠狀病毒相關的更複雜的網絡攻擊,其中:
- 冒充疫苗的網絡釣魚活動 – 由於新冠肺炎疫情仍爲焦點新聞,疫苗開發或新的國家社交距離限制的新聞將繼續用於網絡釣魚活動。犯罪分子或想從中得到好處的國家將延續2020年的趨勢,視開發疫苗的製藥公司為惡意攻擊的目標。
- 攻擊遙距學習人士 – 學校和大學因應疫情不得不轉向大規模使用網上學習平台,因此,在8月份,即新學期開始之前,此範疇每周網絡攻擊增加了30%,這或許不足為奇。 攻擊遙距學習活動將持續至來年。
- 更多雙重勒索軟件攻擊 – 今年第 3 季度,雙重勒索軟件攻擊急劇上升:累客在加密受害者的資料庫之前先提取了大量敏感數據。然後,攻擊者將威脅要發佈這些數據,除非支付贖金要求,給組織帶來額外的壓力,以滿足黑客的要求。醫院是最高危和最受觸目的雙重勒索襲擊目標之一。
- Deepfake武器化:假冒影片或語音的技術現在已經先進得可以武器化,並被用來製造有針對性的內容來操縱意見,股價,甚至更差的事情。今年早些時候,比利時的一個政治團體發佈了比利時首相發表演講的一段Deepfake影片,該影片將新冠肺炎與環境破壞聯繫起來,並呼籲就氣候變化採取行動。許多觀眾相信這次演講是真實的。在更簡單的級別上,語音可以偽造為語音網絡釣魚,因此行政總裁的聲音可以偽造以繞過語音身份驗證。
- 5G 優勢和挑戰:5G 的完全互聯高速世界也為犯罪分子和黑客提供了攻擊並擾亂連接的機會。電子健康設備將收集有關使用者健康的數據,汽車服務將監控使用者的活動,智慧城市應用程式將收集有關使用者的生活。許多數據將繞過公司網絡及其安全控制,所以更需要保護來自長期在線的 5G 設備的海量數據免遭違規、盜竊和篡改,以確保隱私和安全性免受攻擊。
| 香港10月份主要惡意軟件 | |||
| 惡意軟件 | 簡介 | 影響全球機構百份比 | 影響香港機構百份比 |
| Trickbot | Trickbot is a modular Banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. | 3.77% | 10.34% |
| Emotet | Emotet is an advanced, self-propagating and modular Trojan that was once used as a banking Trojan, and currently distributes other malware or malicious campaigns. Emotet uses multiple methods for maintaining persistence and evasion techniques to avoid detection and can be spread via phishing spam emails containing malicious attachments or links. | 13.76% | 8.28% |
| Formbook | First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. | 1.15% | 5.29% |
| Ramnit | Ramnit is a banking Trojan which incorporates lateral movement capabilities. Ramnit steals web session information, enabling the worm operators to steal account credentials for all services used by the victim, including bank accounts, corporate and social networks accounts. | 1.57% | 3.45% |
| XMRig | First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency. | 2.08% | 2.53% |
| Zloader | Zloade is a descendant of the ubiquitous Zeus banking malware which uses webinjects to steal credentials, passwords and cookies stores in web browsers, and other sensitive information from customers of banks and financial institutions. The malware lets attackers connect to the infected system through a virtual network computing client, so they can make fraudulent transactions from the users device. | 0.38% | 2.30% |
| Dridex | Dridex is a Banking Trojan that targets the Windows platform, observed delivered by spam campaigns and Exploit Kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control. | 3.04% | 1.15% |
| Agenttesla | AgentTesla is an advanced RAT (remote access Trojan) that functions as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim’s keyboard input and system clipboard, and can record screenshots and exfiltrate credentials entered for a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). AgentTesla is openly sold as a legitimate RAT with customers paying $15 – $69 for user licenses. | 2.21% | 1.15% |
| Kryptik | Kryptik is a Trojan that targets the Windows platform. It collects system information and sends it out to a remote server. It may download and execute additional malicious files on an infected system. | 0.50% | 1.15% |
| Lokibot | First identified in February 2016, LokiBot is an infostealer with versions for both the Windows and Android OS. It harvests credentials from a variety of applications, web browsers, email clients, IT administration tools such as PuTTY and more. LokiBot is sold on hacking forums and it is believed that its source code was leaked, thus allowing numerous variants to appear. Since late 2017, some Android versions of LokiBot include ransomware functionality in addition to their infostealing capabilities. | 0.37% | 1.15% |
| RigEK | Rig EK was first introduced in April 2014. It has since received several large updates and continues to be active to this day. In 2015, as result of an internal feud between its operators, the source code was leaked and has been thoroughly investigated by researchers. Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit. | 1.44% | 1.15% |
發表迴響