You guessed it: Emotet, Trickbot and the Log4j vulnerability ended the year with an unpleasant cyber bang.
In the last month of 2021, Emotet had risen swiftly since its resurgence, from seventh to second place behind Trickbot, while the Log4j vulnerability was the most exploited, impacting almost half of all companies worldwide in a very short space of time.
The most attacked industry in Check Point Research’s ecosystem continued to be Education/Research, followed by Government/Military and ISP/MSP.
Top malware families
For Dec 2021, Trickbot was the most popular malware in the Check Point user base, impacting 4% of organizations worldwide, followed by Emotet and Formbook, both with a global impact of 3%.
- Agent Tesla
Top exploited vulnerabilities
The “Apache Log4j Remote Code Execution” took the spotlight, and it is expected to remain visible for years to come.
- Apache Log4j Remote Code Execution (CVE-2021-44228) – A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
- Web Server Exposed Git Repository Information Disclosure
- HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-13756)
- Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260)
- MVPower DVR Remote Code Execution
- Dasan GPON Router Authentication Bypass (CVE-2018-10561)
- D-LINK Multiple Products Remote Code Execution (CVE-2015-2051)
- Apache HTTP Server Directory Traversal (CVE-2021-41773, CVE-2021-42013)
- Command Injection Over HTTP (CVE-2013-6719, CVE-2013-6720)
- PHP Easter Egg Information Disclosure
Top mobile malware
This month, AlienBot takes first place in the most prevalent mobile malware, followed by xHelper and FluBot.
- FluBot — FluBot is an Android botnet distributed via phishing SMS messages, most often impersonating logistics delivery brands. Once the user clicks the link inside the message, FluBot is installed and gets access to all sensitive information on the phone.