Changing Malware and Ransomware Ecosystem in H1 2022

Diving into details

• Threat actors made heavy changes to Agent Tesla, Emotet, NJRat, and Nanocore, among others. Emotet is now leading the top five banking trojans and uses obfuscated VBA macros for detection evasion.
• Bugs such as DirtyPipe and Follina have been emphasized by hackers to abuse both Linux and Windows devices. Furthermore, the CISA’s catalog of known exploited vulnerabilities indicates that the number of exploitable vulnerabilities rises every three to four months. 
• In addition to the above, ransomware attacks remained a serious threat throughout the first half of the year as threat actors are operating at least 17 leaked databases, to date. They abuse the stolen data for social engineering, multi-staged extortion, and credential theft attacks. 

Latest ransomware and malware incidents

• Three new malware variants namely FBI ransomware, Wise Guys, and Psychedelic, were found targeting Windows users. Moreover, Wise Guys malware is destructive in nature.
• A wave of phishing campaigns against seven Indian bank customers was found propagating five malware families - Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.
• LockBit 3.0 found a new distribution method; it is being spread by the Amadey Bot. The bot downloads three LockBits in two different formats - two PowerShell and one .exe.

The bottom line