Check Point Research reports that April has seen a lot of activity from Formbook to Lokibot. This month also saw Spring4Shell make headlines, but it is not yet one of the most exploited vulnerabilities.
SAN CARLOS, Calif., May 11, 2022 (GLOBE NEWSWIRE) — Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has published its latest Global Threat Index for April 2022. Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware, impacting 6% of organizations worldwide. Despite this, every other malware family in the list has changed position. Tofsee and Nanocore are out and have been replaced by Formbook and Lokibot, now the second and sixth most prevalent malware families respectively.
Emotet’s higher score in March (10%) was mainly due to specific Easter-themed scams, but this month’s decrease could also be explained by Microsoft’s decision to disable specific macros associated with Office files, affecting the way that Emotet is usually delivered. In fact, there are reports that Emotet has a new delivery method: phishing emails that contain a OneDrive URL. Emotet has many uses after it succeeds in bypassing a machine’s protections. Due to its sophisticated propagation and assimilation techniques, Emotet also offers other malware, including banking trojans, ransomware and botnets, to cybercriminals on dark web forums. As a result, once Emotet finds a breach, the consequences can vary depending on which malware is delivered after the compromise.
Elsewhere in the index, Lokibot, an infostealer, has re-entered the list in sixth place after a high-impact spam campaign delivering the malware via xlsx files made to look like legitimate invoices. This, and the rise of Formbook, have had a knock-on effect on the position of other malware families, with the advanced remote access trojan (RAT) AgentTesla, for example, dropping into third place from second.
At the end of March, critical vulnerabilities were found in Java Spring Framework, known as…