
Emotet, the new spam email delivery strategy, is among the most widespread computer threats

Check Point Software Technologies, the leading provider of cybersecurity solutions globally, has released its Global Threat Index for the month of March. Last month, researchers uncovered a new malware campaign driven by the Emotet trojan, which climbed to second place among the most common cyberthreats with a new spam email strategy.

Emotet, the new spam email delivery strategy has affected Microsoft

As reported earlier this year, attackers have been exploring alternative ways to spread Emotet and distribute malicious files since Microsoft announced that it wants to block macros in Office files. In the latest campaign, attackers have adopted a new strategy of sending spam emails containing a malicious OneNote file.

Once the file is opened, a message tricks the victim into clicking on the document, thus downloading Emotet. Once installed, the malware can collect user email data, such as login credentials and contact information. The attackers then use the information they gather to expand the reach of the campaign and facilitate future attacks.

In Italy, Emotet ranks fourth, although with a higher impact (5%) than the global figure (4%). Qbot and BLINDINGCAN are the two most widespread malware families, together accounting for over 20% of the impact on local organizations (14% and 8% respectively).

Qbot, the most dangerous malware in Italy

Qbot remains the most dangerous malware in Italy. Often distributed via spam email, it employs various anti-VM, anti-debug and anti-sandbox techniques to hinder analysis and evade detection. Qbot is a banking trojan designed to steal banking credentials and user keystrokes – therefore it is no surprise that the Finance/Banking sector was the third most attacked sector in Italy.

“Even if big techs do their best to stop cybercriminals from the beginning, it is almost impossible to prevent every single attacker from bypassing security measures. We know that Emotet is a sophisticated trojan and it is no surprise that it managed to get past the most up-to-date Microsoft defenses. The most important thing people can do is make sure they have adequate email security, avoid downloading unknown files, and adopt a healthy skepticism about the origins of an email and its content.” said Maya Horowitz, VP Research at Check Point Software.

The three most exploited vulnerabilities of the month of March

Qbot was the most prevalent malware last month, impacting more than 10% of global organizations, followed by Emotet and Formbook with a global impact of 4%.

  • Qbot – also known as Qakbot, is a banking trojan that first appeared in 2008, designed to steal users' banking credentials and keystrokes. Often distributed via spam email, Qbot employs various anti-VM, anti-debug and anti-sandbox techniques to hinder analysis and evade detection.
  • Emotet – is an advanced, self-propagating and modular trojan. Previously used as a banking trojan, it is now used as a distributor of other malware or for malicious campaigns. It uses different methods to maintain persistence, as well as evasion techniques to avoid detection. It can also spread through spam emails containing malicious attachments or links.
  • FormBook – is an infostealer targeting the Windows operating system, first identified in 2016. It is marketed in underground hacker forums as Malware-as-a-Service (MaaS) due to its effective evasion techniques and relatively low price. FormBook can harvest credentials from different web browsers, collect screenshots, monitor and log keystrokes, and download and execute files based on orders from its C&C.

The most attacked sectors in the month of March

The Education/Research sector confirmed itself in first place among the most attacked sectors globally, followed by Government/Military and Healthcare.

  • Education/Research
  • Government/Military
  • Healthcare
In Italy, instead:

  • Education/Research
  • Government/Military
  • Finance/Banking
The most popular mobile malware of March

Last month, AhMyth moved into first place as the most prevalent mobile malware, followed by Anubis and Hiddad.

  • AhMyth – is a Remote Access Trojan (RAT) discovered in 2017. It is distributed through Android applications which can be found on app stores and various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS and activating the camera, which is usually used to steal sensitive information.
  • Anubis – is a banking trojan designed for Android. Since it was detected, it has acquired more functions, including being a Remote Access Trojan (RAT), keylogger, having audio recording ability, and various ransomware features. It has been detected in hundreds of apps available on the Google Store.
  • Hiddad – is an Android malware that repackages legitimate apps to place them on a third-party store. Its main function is to display advertisements, but it is also capable of finding access to vital security information present in the operating system, allowing hackers to steal sensitive data.
Check Point’s Global Threat Impact Index and ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence from hundreds of millions of sensors around the world, across networks, endpoints and cellular. It is powered by AI-based engines and exclusive data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.

    Published by
    Walker Ronnie
