iTnews Asia

ACSC and CISA detail top malware of 2021

Two Trojans in use for over a decade.

By Juha Saarinen on Aug 8, 2022 10:57AM

The Australian Cyber Security Centre and the United States Cybersecurity and Infrastructure Security Agency have issued a joint advisory on the top 11 malware strains they observed last year, noting that several have been used by criminals for many years.

Qakbot, one of the oldest malware variants in the advisory, started out as a banking Trojan for information theft. It has since gained new functionality, including reconnaissance, lateral movement in networks, data gathering and exfiltration, dropping malicious payloads and forming botnets.

Along with banking Trojan Ursnif, which is also known as Gozi, criminals have used Qakbot for over a decade now, with the malware infrastructure still active, the cyber security agencies said.

Malicious attachments and phishing emails are the favoured attack vectors for criminals to deliver malware such as TrickBot, one of whose developers was arrested in June last year.

Others such as information stealer AZORult, and the GootLoader multi-payload malware platform, can be delivered via infected websites, exploit kits, and droppers.

The full list of top malware of 2021 includes:

  • Agent Tesla
  • AZORult
  • Formbook
  • Ursnif
  • LokiBot
  • MOUSEISLAND
  • NanoCore
  • Qakbot
  • Remcos
  • TrickBot
  • GootLoader

ACSC and CISA have published signatures for the SNORT intrusion detection system for the above malware strains.

The agencies advised organisations to keep software updated, enforce multi-factor authentication, secure and monitor remote desktop protocol (RDP) and other such risky services, and keep offline backups of their data.

End users should also be provided with security awareness and training, the agencies said.

Longer term, ACSC and CISA suggested that organisations implement network segmentation to prevent the spread of ransomware, and to stop lateral movement by threat actors.

ACSC said it has observed ransomware and data theft incidents in which Australian subsidiaries of multinationals were affected, thanks to assets maintained and hosted by offshore divisions outside their control.

Copyright © iTnews.com.au . All rights reserved.