Healthcare became the second most popular target for hackers in the Nordic countries and worldwide in April, according to a malware review by Check Point Research. An extensive spam campaign made the Qbot Trojan the second most common malware in the world, and it retained its first position in Finland. IoT hit Mirai returns to the top malware list for the first time in a year.
Check Point Research, which is responsible for the research activities of Check Point Software Technologies, has published its April 2023 Malware Overview.
Last month, security researchers discovered a massive campaign in which the Qbot malware was distributed through a new distribution method via malicious, protected PDF files attached to emails. The malware was distributed around the world in many different languages and targeted organizations. Qbot was the most common malware in Finland and the second most common in the world in April. The most common nuisance agent in the world was Tesla. In third place was FormBook, a malicious program for Windows systems.
Returning to the list was Mirai, one of the most common IoT (Internet-of-Things) malware. The researchers found that it exploited a new zero-day vulnerability, CVE-2023-1380, to attack TP-Link routers and add them to its botnet, which has been used in some of the most destructive distributed DDoS attacks ever. Has been done
In April, the top of the industries most targeted by cyberattacks also changed, as healthcare overtook state administration and took second place worldwide and in the Nordic countries. Globally, the targets of the attacks were often educational/research organizations in Europe and the Nordic countries, equipment suppliers.
Attacks on health facilities are well documented, and in some countries they are still under frequent attack. For example, the Medusa cybercriminal group recently targeted cancer facilities in Australia. The industry is an attractive target for hackers, as it opens up the possibility for them to gain access to confidential patient and payment information. It could also have consequences for pharmaceutical companies, as attacks could leak information about clinical trials or new drugs and devices.
First on the global list of mobile malware was the remote access trojan (RAT) AhMyth, which was discovered in 2017. It is distributed in Android apps found in the App Store and various websites. In second place was the banking and remote access trojan Anubis, which is aimed at Android phones. Even equipped with ransomware features, Anubis is also able to record sounds and keystrokes. It has been detected in hundreds of apps in the Google Store. The third was Hidda, which repackages apps and publishes them to the App Store. It mainly delivers advertisements.
Below is a list of the most common malware in Finland in April 2023:
Qbot (aka Qakbot). First discovered in 2008, a banking Trojan steals a victim’s bank credentials and records keystrokes. Prevalence 6.54%. XMrig. Monero cryptocurrency miner. Prevalence 3.27%. Mothers. A sophisticated, self-propagating and modular banking Trojan primarily used to proliferate other malware. Prevalence 2.80%. Ramkos. A Remote Access Trojan, or RAT, that spreads with Microsoft Office documents attached to spam emails. Prevalence 1.87%. Ghost, Formbook, Mirai, Parite, Danbot, and Xegost: all 1.40% in circulation.
The complete top 10 malware list can be found on Check Point’s blog.