The Remcos Trojan has returned to the top ten list (in eighth place) of most wanted malware by Check Point Software for the first time since December 2022.
According to the latest report published by the company earlier today, threat actors used Remcos extensively in February to target Ukrainian government entities via phishing attacks.
The research document also clarifies that, overall, weekly attacks targeting Ukraine have decreased by 44% between October 2022 and February 2023.
“While there has been a decrease in the number of politically motivated attacks on Ukraine, they remain a battleground for cyber-criminals,” explained Maya Horowitz, VP of research at Check Point Software, commenting on the report’s findings.
“Hacktivism has usually been high on the agenda for threat actors since the Russo-Ukrainian conflict started, and most have favored disruptive attack methods such as DDoS to garner the most publicity.”
Horowitz added that recent attacks against Ukrainian targets used a more traditional attack route, such as phishing scams, to obtain information and extract data.
“It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails. Don’t download attachments without scanning the properties first. Avoid clicking on links within the body of the email, and check the sender address for any abnormalities such as extra characters or misspellings.”
Qbot retained its leading position in the list, followed by the Formbook infostealer and the infamous Emotet trojan, both of which climbed ranks compared to Check Point’s January report.
Banking trojan Anubis also retained its position as top mobile malware, followed by Hiddad (a malware tool designed to repackage apps with extra ads) and the AhMyth RAT.
The vulnerability most exploited in the wild in February was the web server malicious URL directory traversal, replacing the web server flaw that exposed GitHub repository information in October 2022. The Apache Log4j remote code execution vulnerability (CVE-2021-44228) took the third spot.