Check Point 2月份網絡威脅指數及Microsoft Exchange Server漏洞

Check Point 2月份網絡威脅指數及Microsoft Exchange Server漏洞

 

全球領先網絡安全解決方案供應商 Check Point® 軟件技術有限公司(納斯達克股票代碼:CHKP)的威脅情報部門 Check Point Research 發布了 2021 年 2 月最新版《全球威脅指數》報告。研究人員報告稱,Trickbot 木馬從 1 月份指數排行榜的第三位首次升上至榜首。

加上,Check Point Research發現有數百次針對​​全球組織所利用漏洞的嘗試與影響 Microsoft Exchange Server 的四個零日漏洞有關。 僅在過去的 72 小時內,CPR 觀察到利用漏洞而進行嘗試的次數便增加了 5 倍以上。

香港2月份主要惡意軟件

以下是香港2月份首10個惡意軟件。至於全球的排名列表,你可於瀏覽。

  1. Emotet 是本月份最活躍的惡意軟件,影響了全球3%的組織,緊隨其後的是 XMRig  Qbot,它們亦影響了全球3%的組織。
  2. Web Server Exposed Git 儲存庫訊息洩露」是本月份最常被利用的漏洞,影響全球 48% 的組織,其次是HTTP 標頭遠程代碼執行 (CVE-2020-13756),影響全球 46% 的組織。MVPower DVR遠端代碼執行」在最常被利用的漏洞排行榜中位列第三,全球影響了45%。
  3. Hiddad 在本月的最普遍流動惡意軟件中位第一,緊隨其後的是 xHelper  FurBall

Check Point 產品威脅情報與研究總監 Maya Horowitz 表示:「犯罪分子將繼續使用現有的威脅手段和工具,Trickbot 是因它的多功能性及以往的攻擊戰果而變得流行。正如我們估計,即便有一個重大的威脅被消除,亦會有很多其他威脅繼續對全球網絡構成高風險,因此組織必須確保採用強大的安全系統來防止其網絡遭到入侵,並將風險降至最低。對所有員工進行全面培訓是非常重要,這樣他們才能夠掌握所需技能,從而準確識別傳播Trickbot 及其他惡意軟件的惡意電子郵件類型。」

Microsoft Exchange Server漏洞

繼披露了目前影響 Microsoft Exchange Server 的四個零日漏洞後,Check Point Research (CPR) 公佈了對這些利用漏洞而進行嘗試的最新全球觀察結果。

  • CPR發現有數百次針對全球組織所利用漏洞的嘗試。 僅在過去的 72 小時內,CPR 觀察到利用漏洞而進行嘗試的次數便增加了 5 倍以上。
  • 遭受攻擊最多的國家是美國 (17%),其次是德國 (6%) 和英國 (5%)。
  • 首當其衝的行業部門是政府/軍事部門 (27%),其次是製造業 (22%) 和軟件廠商 (9%)。

Check Point建議用戶進行補丁程序以預防攻擊和保障安全,將所有 Microsoft Exchange伺服器更新為 Microsoft 提供的最新補丁版本。此更新不會自動進行,需要手動執行。

香港2月份主要惡意軟件
惡意軟件 簡介 影響全球機構百份比 影響香港機構百份比
Trickbot Trickbot is a modular Banking Trojan that targets the Windows platform, mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack. 3.17% 7.65%
XMRig First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency. 3.08% 3.21%
Ramnit Ramnit is a banking Trojan which incorporates lateral movement capabilities. Ramnit steals web session information, enabling the worm operators to steal account credentials for all services used by the victim, including bank accounts, corporate and social networks accounts. 1.50% 2.96%
Formbook First detected in 2016, FormBook is an InfoStealer that targets the Windows OS. It is marketed as MaaS in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. 2.33% 2.22%
Dridex Dridex is a Banking Trojan that targets the Windows platform, observed delivered by spam campaigns and Exploit Kits, which relies on WebInjects to intercept and redirect banking credentials to an attacker-controlled server. Dridex contacts a remote server, sends information about the infected system and can also download and execute additional modules for remote control. 1.59% 1.98%
Parite Parite is a polymorphic virus which infects executable files (EXE and SCR) on the infected host and on network drive. It drops a malicious DLL file into the Windows temporary directory which is injected into the explorer.exe process when an infected file is executed. 0.56% 1.98%
Turla Turla is a Backdoor type malicious program that targets the Windows platform. The malware is designed to give malicious users remote control over an infected computer. 0.83% 1.48%
FurBall FurBall is an Android MRAT (Mobile Remote Access Trojan) which is deployed by APT-C-50, an Iranian APT group connected to the Iranian government. This malware was used in multiple campaigns dating back to 2017, and still active today. Among FurBall’s capabilities are stealing SMS messages, call logs, surround recording, call recording, media files collection, location tracking, and more. 0.73% 1.48%
Wannamine WannaMine is a sophisticated Monero crypto-mining worm that spreads via the EternalBlue exploit. WannaMine implements its spreading mechanism and persistence techniques by leveraging Windows Management Instrumentation (WMI) permanent event subscriptions. 0.35% 1.48%
Vtflooder Vtflooder is a Bot agent that targets the Windows platform. The malware contacts a remote server to report its infection. It conducts DoS attack against VirusTotal by continuously uploading itself to it. 0.27% 1.23%

數碼領域

ASUS接手Intel NUC事業一年 加速AI技術創新

數碼領域
2024-10-28 0
ASUS接手Intel NUC事業一年 加速AI技術創新 ASUS於10月7日宣佈,自去年10月正式接手Intel NUC新一代運算單元業務後,已在AI技術創新上取得許多突破。這是ASUS首次進行大規模的產品與銷售轉移,ASUS NUC系列產品以其小巧設計及強大性能,為用戶提供更豐富多元的卓越產品、 ...

Leica M 70週年:繼承傳統、精益求精、追求創新

數碼領域
2024-10-28 0
Leica M 70週年:繼承傳統、精益求精、追求創新 -Leica 相機公司慶祝Leica M系統誕生70週年 經典流傳,繼往開來 —– 70年前,Leica M3的推出讓M系統相機傳承至今,開啟了攝影史上的新篇章。自1954年推出以來,Leica M3憑藉其獨特的旁軸系統 ...

Be the first to comment

發表迴響

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料