ACSC and CISA detail top malware of 2021

Two Trojans in use for over a decade.

The Australian Cyber Security Centre and the United States Cybersecurity and Infrastructure Security Agency have issued a joint advisory on the top eleven malware strains they observed last year, noting that several have been used by criminals for many years.

One of the oldest malware variants in the advisory, Qakbot, which started out as a banking Trojan for information theft, has evolved with new functionality added such as reconnaissance, lateral movement in networks, data gathering and exfiltration, dropping malicious payloads and forming botnets.

Along with the banking Trojan Ursnif, which is also known as Gozi, criminals have used Qakbot for over a decade now, and the malware infrastructure is still active, the cybersecurity agencies said.

Malicious attachments and phishing emails are the favoured attack vectors for criminals delivering malware such as Trickbot, one of whose developers was arrested in June last year.

Others, such as the information stealer AZORult and the GootLoader multi-payload malware platform, can be delivered via infected websites, exploit kits, and droppers.

The full list of top malware of 2021 includes:

  • Agent Tesla
  • AZORult
  • Formbook
  • Ursnif
  • LokiBot
  • MOUSEISLAND
  • NanoCore
  • Qakbot
  • Remcos
  • TrickBot
  • GootLoader

ACSC and CISA have published signatures for the SNORT intrusion detection system for the above malware strains.

The agencies advised organisations to keep software updated, enforce multi-factor authentication, secure and monitor remote desktop protocol (RDP) and other such risky services, and keep offline backups of their data.

End-users should also be provided with security awareness and training, the agencies said.

Longer term, ACSC and CISA suggested that organisations implement network segmentation to prevent the spread of ransomware, and to stop lateral movement by threat actors.

ACSC said it has observed ransomware and data theft incidents in which Australian subsidiaries of multinationals were affected, thanks to assets maintained and hosted by offshore divisions outside their control.

Copyright © iTnews.com.au . All rights reserved.