The CISA and the ACSC published a joint advisory, delineating the most prominent malware strains detected in 2021. Most of the top malware strains have been around for over five years, and the most frequent malware users are cybercriminals delivering ransomware or stealing finances and personal information.

Key Findings

The top malware strains of 2021 included in the list are Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.
  • Malicious cyber actors have been using Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot for at least five years.
  • Qakbot and Ursnif go a step further, having been used by malicious cyber actors for over a decade.
  • Malicious cyber actors have used MOUSEISLAND and GootLoader, since 2019 and 2020, respectively.
How do the malware strains go undetected?

The primary reason is the developers' persistent efforts to upgrade the malware strains by adding new capabilities and ways to evade detection.
  • Malware developers profit from lucrative cyber operations with little or no risk of repercussions.
  • Many malware developers frequently operate from locations where there are few legal restrictions on malware development and deployment.

Such data on known malware strains gives organizations an opportunity to better prepare for, identify, and mitigate attacks. Government agencies constantly issue security reports and advisories so that public and private organizations can protect themselves against current as well as emerging threats.


Other key reports you shouldn’t miss

  • In April, the NSA and the FBI collaborated with global cybersecurity authorities to publish a list of the top 15 vulnerabilities frequently exploited in 2021.
  • This year, MITRE released a list of the top 25 most dangerous software bugs, based on the list of the most dangerous programming, design, and architecture security flaws plaguing hardware that it published in November 2021.

Conclusion and mitigation

Both the CISA and the ACSC encourage administrators to defend against malware attacks and recommend the following:
  • Update software, including operating systems, applications, and firmware, on IT network assets.
  • Enforce MFA to the greatest extent possible and require accounts with password logins, including service accounts, to have strong passwords.
  • If the company uses RDP and/or other potentially risky services, secure and monitor them closely.
  • Maintain offline backups of data and carry out the backup procedure at least every 90 days.
  • Provide end-user awareness and training to help prevent successful targeted social engineering and spearphishing campaigns.
Cyware Publisher