Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd., has published its latest UAE Threat Index for January 2021. Researchers found that the banking trojan Trickbot impacted 7% of organisations in the UAE, while the Emotet trojan, which has remained in first place in the top malware list globally for a second month running, impacted 6% of businesses in the UAE.
Trickbot is a modular Banking Trojan that targets the Windows platform and is mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilise this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.
After an international police takedown on 27 January 2021, the number of organisations impacted by Emotet botnet activity decreased by 14%, and law enforcement agencies plan to mass-uninstall Emotet from infected hosts on 25 April. First identified in 2014, Emotet has been regularly updated by its developers to maintain its effectiveness for malicious activity. Emotet maintained the top position in Check Point’s Global Threat Index, highlighting the vast global impact this botnet has had.
“We’re seeing an increase in ransomware and malware attacks in the UAE since the pandemic began last year. While Emotet continues to impact businesses, it is interesting to see how quickly Trickbot has evolved as top malware targeting organisations in the UAE,” said Ram Narayanan, Country Manager, Check Point Software Technologies – Middle East. “Considering UAE is currently ranked No. 32 on the high-risk index, businesses must be extra vigilant and deploy efficient technologies to prevent these attacks in real time to ensure these malwares don’t cause further serious damage by being the gateway to a ransomware attack. It is also important for businesses to continue providing comprehensive training for employees to identify malicious emails and avoid the spread of trojans and bots.”
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 3 billion websites and 600 million files daily and identifies more than 250 million malware activities every day.
The complete list of the top ten malware families in January can be found on the Check Point Blog.