Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd, a leading provider of cyber security solutions globally, has published its latest UAE Threat Index for January 2021. Researchers found that the banking trojan Trickbot impacted 7% of organizations in the UAE, while the Emotet trojan, which has remained in first place in the top malware list globally for a second month running, impacted 6% of businesses in the UAE.
Trickbot is a modular Banking Trojan that targets the Windows platform and is mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilize this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organization itself, prior to delivering a company-wide targeted ransomware attack.
After an international police takedown on January 27, 2021, Emotet witnessed a 14% decrease in the number of organizations that were impacted by the botnet activity, and law enforcement agencies plan to mass-uninstall Emotet from infected hosts on April 25th. First identified in 2014, Emotet has been regularly updated by its developers to maintain its effectiveness for malicious activity. Emotet maintained the top position in Check Point’s Global Threat Index, highlighting the vast global impact this botnet has had.
“We’re seeing an increase in ransomware and malware attacks in the UAE since the pandemic began last year. While Emotet continues to impact businesses, it is interesting to see how quickly Trickbot has evolved as top malware targeting organizations in the UAE,” said Ram Narayanan, Country Manager, Check Point Software Technologies – Middle East. “Considering UAE is currently ranked no 32 on the high-risk index, businesses must be extra vigilant and deploy efficient technologies to prevent these attacks in real time to ensure these malwares don’t cause further serious damage by being the gateway to a ransomware attack. It is also important for businesses to continue providing comprehensive training for employees to identify malicious emails and avoid the spread of trojans and bots.”
Top malware families impacting UAE businesses in January 2021.
Trickbot ranks as the most popular malware with a UAE-wide impact of 7%, closely followed by Emotet and Hiddad impacting 6% of organizations each.
- Trickbot – Trickbot is a dominant banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purposed campaigns.
- Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was once a banking Trojan, and recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
- Hiddad – Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
Top mobile malware impacting UAE businesses
Hiddad is followed closely by xHelper, a malicious application seen in the wild since March 2019 and used for downloading other malicious apps and displaying advertisements, impacting 5% of users. The application is capable of hiding itself from the user and reinstalling itself if it is uninstalled.
The remote access trojan njRAT, which mainly targets government agencies and organizations in the Middle East, impacted 3% of UAE organizations. The Trojan first emerged in 2012 and has multiple capabilities, including capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop. njRAT infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily, and identifies more than 250 million malware activities every day.