Trickbot and Emotet topped the charts last month, being increasingly used for distributing ransomware against hospitals and healthcare providers globally.

According to the Check Point Global Threat Index, last month’s most wanted malware were the Trickbot and Emotet trojans.

These two continued to rank as the two most prevalent malware families in October, and were responsible for the sharp increase in ransomware attacks against hospitals and healthcare providers globally.

Recently, the FBI and other US government agencies issued a warning about ransomware attacks targeting the healthcare sector, estimating that more than one million Trickbot infections worldwide are being used to download and spread file-encrypting ransomware such as Ryuk, which is also distributed via the Emotet trojan. Emotet remains in first place for the fourth month in succession.

Healthcare sector stats

The firm’s intelligence data showed that the healthcare sector in the USA was the most targeted by ransomware in October, with attacks increasing by 71% compared with September 2020. Ransomware attacks against healthcare organizations and hospitals increased by 36% in EMEA and 33% in APAC in October. 

Said the firm’s Director (Threat Intelligence & Research, Products), Maya Horowitz: “We’ve seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organizations scrambled to support remote workforces. These have surged alarmingly over the past three months, especially against the healthcare sector, and are driven by pre-existing TrickBot and Emotet infections. We strongly urge healthcare organizations everywhere to be extra vigilant about this risk, and scan for these infections before they can cause real damage by being the gateway to a ransomware attack.”

Top malware families

In the latest report, the research team also warned that “MVPower DVR Remote Code Execution” was the most commonly exploited vulnerability, impacting 43% of organizations globally, followed by “Dasan GPON Router Authentication Bypass” and “HTTP Headers Remote Code Execution (CVE-2020-13756)”, both impacting 42% of organizations globally.

For October 2020, Emotet remained the most popular malware with a global impact of 12% of organizations, followed by Trickbot and Hiddad, which both impacted 4% of organizations worldwide.

  1. ↔ Emotet
  2. ↔ Trickbot
  3. ↑ Hiddad

Top exploited vulnerabilities

October’s most commonly exploited vulnerability was still “MVPower DVR Remote Code Execution”, impacting 43% of organizations globally, followed by “Dasan GPON Router Authentication Bypass” and “HTTP Headers Remote Code Execution (CVE-2020-13756)”, both impacting 42% of organizations globally.

  1. ↔ MVPower DVR Remote Code Execution
  2. ↔ Dasan GPON Router Authentication Bypass (CVE-2018-10561)
  3. ↑ HTTP Headers Remote Code Execution (CVE-2020-13756)

Top Mobile Malware

Hiddad was the most prevalent mobile malware, followed by xHelper and Lotoor.

  1. Hiddad
  2. xHelper
  3. Lotoor