iTnews Asia

ACSC and CISA detail top malware of 2021

Two Trojans in use for over a decade.

By Juha Saarinen on Aug 8, 2022 10:57AM

The Australian Cyber Security Centre and the United States Cybersecurity and Infrastructure Security Agency have issued a joint advisory on the top 11 malware strains they observed last year, noting that several have been used by criminals for many years.

Qakbot, one of the oldest malware variants in the advisory, started out as a banking Trojan for information theft. It has since gained new functionality, including reconnaissance, lateral movement in networks, data gathering and exfiltration, dropping malicious payloads and forming botnets.

Criminals have used Qakbot, along with banking Trojan Ursnif (also known as Gozi), for over a decade now, and the malware infrastructure is still active, the cyber security agencies said.

Malicious attachments and phishing emails are the favoured attack vectors for criminals to deliver malware such as Trickbot. One of Trickbot's developers was arrested in June last year.

Others such as information stealer AZORult, and the GootLoader multi-payload malware platform, can be delivered via infected websites, exploit kits, and droppers.

The full list of top malware of 2021 includes:

  • Agent Tesla
  • AZORult
  • Formbook
  • Ursnif
  • LokiBot
  • MOUSEISLAND
  • NanoCore
  • Qakbot
  • Remcos
  • TrickBot
  • GootLoader

ACSC and CISA have published signatures for the SNORT intrusion detection system for the above malware strains.

The agencies advised organisations to keep software updated, enforce multi-factor authentication, secure and monitor remote desktop protocol (RDP) and other such risky services, and keep offline backups of their data.

End users should also be provided with security awareness and training, the agencies said.

Longer term, ACSC and CISA suggested that organisations implement network segmentation to prevent the spread of ransomware, and to stop lateral movement by threat actors.

ACSC said it has observed ransomware and data theft incidents in which Australian subsidiaries of multinationals were affected, thanks to assets maintained and hosted by offshore divisions outside their control.

Copyright © iTnews.com.au . All rights reserved.