Remcos Trojan back on Check Point’s top 10 list of global threats

Check Point Software Technologies’ Global Threat Index for February has seen Remcos Trojan return to the top 10 list for the first time since December 2022, after it was reported being used by threat actors to target Ukrainian government entities through phishing attacks.

According to the report, conducted by Check Point Research (CPR), Emotet Trojan and Formbook Infostealer placed second and third respectively, while education/research remained the most targeted industry, followed by government/military and healthcare.

Despite researchers identifying a 44 per cent decrease in the average number of weekly attacks per organization between October 2022 and last month, Ukraine remains a popular target for cybercriminals following the Russian invasion.

“In the most recent campaign, attackers impersonated Ukrtelecom JSC in a mass email distribution, using a malicious RAR attachment to spread the Remcos Trojan,” authors of the report note.

“Once installed, the tool opens a backdoor on the compromised system, allowing full access to the remote user for activities such as data exfiltration and command execution. The ongoing attacks are believed to be linked to cyberespionage operations due to the behavior patterns and offensive capabilities of the incidents.”

Researchers also revealed that “while there has been a decrease in the number of politically motivated attacks on Ukraine, they remain a battleground for cybercriminals. Hacktivism has typically been high on the agenda for threat actors since the Russo-Ukrainian war began and most have favored disruptive attack methods such as DDoS to garner the most publicity.

“However, the latest campaign used a more traditional route of attack, using phishing scams to obtain user information and extract data. It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails.”

This includes not downloading attachments without scanning them first, avoiding clicking on links within the body of the email, and checking the sender address for any abnormalities such as additional characters or misspellings, the report stated.

Qbot was the most prevalent malware last month,…