Check Point Research (CPR) has published its latest Global Threat Index for September 2022. CPR reports that while Formbook is still the most prevalent malware, impacting 3% of organizations worldwide, Vidar is now in eighth position, up seven places from August.
Vidar is an infostealer that also gives threat actors backdoor access to the infected device; it steals banking information, login credentials, IP addresses, browser history and cryptocurrency wallets. Its rise in prevalence follows a campaign in which fake Zoom download sites (domains shown defanged: zoomus[.]website and zoom-download[.]space) were used to lure users into downloading the malware. Formbook, an infostealer targeting Windows, remains in first place.
Since the onset of the Russia-Ukraine war, CPR has continued to monitor the impact on cyberattacks in both countries. As the conflict intensifies, CPR’s Global Threat Index for September noted a significant change in the ‘threat rank’ of many Eastern European countries. The threat rank represents how heavily organizations in a specific country are being attacked compared to the rest of the world. During September, Ukraine jumped 26 places, Poland and Russia moved up 18 places each, and Lithuania and Romania moved up 17 places each, among others. All of these countries are now in the top 25, with the largest deterioration in their rankings occurring in the past month.
Maya Horowitz, VP Research at Check Point, said, “As the war on the ground continues, so too does the war in cyberspace. It’s likely no coincidence that the threat ranks of many Eastern European countries have increased this last month. All organizations are at risk and must shift to a prevent-first cybersecurity strategy before it’s too late.” Horowitz added: “In terms of the most prevalent malwares in September, it’s interesting to see Vidar leap into the top ten after a long absence. Users of Zoom need to stay alert to fraudulent links as this is how the Vidar malware has been distributed lately. Always keep an eye out for inconsistencies or misspelled words in URLs. If it looks suspicious, it probably is.”
CPR also revealed that “Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, impacting 43% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution”, which dropped from first to second place with an impact of 42%. In September, Education/Research also remained the most attacked industry globally.
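The “exposed Git repository” finding above is one an organisation can test for itself: a web root deployed with its .git directory intact serves files such as /.git/HEAD and /.git/config to anyone who asks, and from those an attacker can reconstruct source code and any secrets committed to it. The check below is an added example written for this page, not code from Check Point or from the report. It probes the three tell-tale paths and, rather than trusting a 200 status alone, validates each body against the file’s known format so that “soft 404” servers (which answer 200 with an HTML page for every path) are not reported as exposures. The hostnames, the three sample servers and their responses are constructed for the offline demonstration; the urllib-based fetcher is for use only against hosts you are authorised to test.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

Response = Tuple[int, bytes]            # (HTTP status, first bytes of body)
Fetcher = Callable[[str], Response]     # url -> Response

# Paths an exposed .git directory serves verbatim, each paired with the
# content signature a genuine copy of that file must carry:
#   HEAD   -> "ref: refs/heads/<branch>" or a bare 40-hex commit id (detached HEAD)
#   config -> INI-style text with a [core] section
#   index  -> binary file starting with the "DIRC" magic
# Requiring the signature, not just status 200, avoids soft-404 false positives.
GIT_PROBES: Dict[str, Callable[[bytes], bool]] = {
    "/.git/HEAD": lambda b: re.fullmatch(rb"(ref: refs/\S+|[0-9a-f]{40})\s*", b) is not None,
    "/.git/config": lambda b: b"[core]" in b and b"repositoryformatversion" in b,
    "/.git/index": lambda b: b.startswith(b"DIRC"),
}


def check_git_exposure(base_url: str, fetch: Fetcher) -> Dict[str, bool]:
    """Probe each path under base_url. True means the server returned a 200
    whose body looks like the real git file, i.e. the repository is exposed."""
    findings: Dict[str, bool] = {}
    for path, looks_real in GIT_PROBES.items():
        status, body = fetch(base_url.rstrip("/") + path)
        findings[path] = status == 200 and looks_real(body)
    return findings


def is_exposed(findings: Dict[str, bool]) -> bool:
    """Any confirmed file is enough: HEAD or config alone lets an attacker
    start walking the object store."""
    return any(findings.values())


def urllib_fetcher(url: str, timeout: float = 5.0) -> Response:
    """Live fetcher (assumed usage: only against hosts you may test).
    Reads just the first 4 KiB, which is all the signatures need."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, b""


# Constructed sample servers (not captured from any real host) so the check
# runs offline: one leaking its repository, one soft-404 host that answers
# 200 with HTML for everything, and one that denies access to /.git.
EXPOSED_HOST = {
    "/.git/HEAD": (200, b"ref: refs/heads/main\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n\tbare = false\n"),
    "/.git/index": (200, b"DIRC\x00\x00\x00\x02\x00\x00\x00\x05" + b"\x00" * 8),
}
SOFT_404_HOST = {p: (200, b"<html><body>Page not found</body></html>") for p in GIT_PROBES}
HARDENED_HOST = {p: (403, b"Forbidden") for p in GIT_PROBES}


def fake_fetcher(table: Dict[str, Response]) -> Fetcher:
    """Build a Fetcher that answers from a canned path->response table."""
    def fetch(url: str) -> Response:
        return table.get(urlsplit(url).path, (404, b""))
    return fetch


if __name__ == "__main__":
    for name, table in [("exposed.test", EXPOSED_HOST),
                        ("soft404.test", SOFT_404_HOST),
                        ("hardened.test", HARDENED_HOST)]:
        findings = check_git_exposure(f"https://{name}", fake_fetcher(table))
        verdict = "EXPOSED" if is_exposed(findings) else "ok"
        print(f"{name}: {verdict} {findings}")
```

The remediation is the same regardless of which file leaks: do not deploy a working tree (deploy build artifacts or an export instead), and deny the whole `/.git` prefix at the web server (for example an nginx `location ~ /\.git { deny all; }` block) so that a future mistaken deploy is still blocked. Re-run the check after the change; the hardened sample above shows the expected result.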