Top Malware Strains and How to Mitigate Them

2022 was a year of seismic events, including the Russian-Ukrainian war, economic downturns, and the ongoing pandemic. On top of the increasing use of phishing campaigns and cybersecurity threats, these events significantly impacted global businesses.

Several high-profile cyber attacks, including Follina and Log4Shell exploits, dominated the cyber threat landscape, proving that threat actors keep up with cybersecurity trends and have the latest technology to attack organizations. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cybersecurity Centre have selected 11 malware families as their top threats. This list includes malware that has changed over the past ten years, including banking and remote access trojans. This article will discuss each top malware strain, how they may be delivered to your business, and tips for minimizing risks.

What Are the Top Malware Strains to Be on the Lookout For?

Malware is malicious software that can harm computer systems. Some of the most common strains include:

  • Agent Tesla: a Remote Access Trojan (RAT) often carried out via phishing email attacks utilizing malicious attachments and links, which steal sensitive information like login credentials, keystrokes, and system information through capturing screenshots, recording keystrokes, and taking clipboard data. Agent Tesla can also disable anti-virus or anti-phishing software and create backdoors for further attacks.
  • AZORult: a RAT typically delivered through spam emails or as a payload in exploit kits. Once installed, it can access sensitive information such as passwords, cookies, and cryptocurrency wallets, as well as download additional malware and be a backdoor for further attacks.
  • Formbook: a keylogger and data stealer primarily distributed through spear phishing emails or malicious downloads. When a victim introduces this strain to their computer, it can capture keystrokes, take screenshots, and steal sensitive information such as passwords, credit card numbers, and browser history. Formbook targets attacks against individuals and businesses.
  • Ursnif: a banking Trojan usually presented through spam emails or exploit kits. Ursnif steals banking credentials, login credentials, and other sensitive information and aims at financial institutions and their customers.
  • Lokibot: a password and data stealer often sent through spam emails or as a payload in exploit kits. It can access login credentials, credit card numbers, and other sensitive information and download additional malware, acting as a backdoor for further attacks.
  • Mouse Island: a RAT frequently administered through spear phishing emails or as a payload in exploit kits. Sensitive information such as passwords, login credentials, and system information can be taken. Mouse Island can act as a backdoor for future attacks by downloading malware.
  • NanoCore: a RAT commonly transported with spear phishing emails or as a payload in exploit kits. If downloaded, cybercriminals can reach sensitive information such as login credentials, system information, and keystrokes and upload other forms of malware for attacks.
  • QakBot: a banking Trojan normally supplied through spam emails or exploit kits and steals banking credentials, login credentials, and other sensitive information. It is often used in targeted attacks against financial institutions and their customers.
  • Remcos: a RAT generally fulfilled through spear phishing emails or as a payload in exploit kits. Remcos can see sensitive information such as login credentials, system information, and keystrokes. Also, it downloads additional malware for further attacks.
  • TrickBot: a banking Trojan consistently provided through spam emails or exploit kits. Banking credentials, login credentials, and other sensitive information are often targeted in attacks on financial institutions and their customers.
  • GootLoader: a downloader customarily conveyed through spam emails or malicious websites and can download additional malware such as ransomware or banking Trojans in the process of directed attacks towards individuals and businesses.

In a 2021 advisory, CISA said, "​​Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations. The most prolific malware users are cybercriminals, who use malware to deliver ransomware or facilitate the theft of personal and financial information." We must understand all of the strains that could interfere with computer systems to know how to protect ourselves and combat such attacks, should they ever occur.

CISA’s Recommended Mitigations

CISA issued recommendations for organizations to improve their cybersecurity posture based on known adversary tactics, techniques, and procedures (TTP), including:

  • Update email security software, including operating systems, applications, and firmware, and prioritize patching any known exploited and critical/high-severity vulnerabilities which allow for remote code execution or denial-of-service on internet-facing equipment.
  • Consider using a centralized patch management system and vulnerability scanning to reduce threat exposure. You can also utilize methods like sandboxing malware to determine your system's weaknesses before hacking.cisa logo
  • Enforce MFA to the greatest extent possible and require strong passwords for accounts with password logins, including service accounts. Do not allow passwords to be used across multiple accounts or stored on a system accessible to adversaries.
  • Closely monitor potentially risky services like Remote Desktop Protocol (RDP). Such exploitations are the top initial infection vectors for malware ransomware. Limit access to resources over internal networks, especially by restricting RDP and using the virtual desktop infrastructure.
  • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for business purposes.
  • Maintain offline backups of data, conduct backup procedures on a frequent, regular basis (at least every 90 days), and check that backups are isolated from network connections, which could enable the spread of malware.
  • Provide email security awareness and training to help prevent successful targeted social engineering and spear phishing campaigns, as this is one of the top infection vectors for malware ransomware.
  • Verify employees are aware of potential cyber threats and delivery methods and know what to do and whom to contact when they receive a suspected phishing email or suspect a cyber incident.

How Can I Increase Cloud Email Attachment and Malware Protection?

By preparing yourself properly, you can significantly reduce the cost and impact of an attack. You can also reduce the chances of email threats and minimize damage caused by implementing stronger best practices for email security and cybersecurity. Some practices include:

Strengthen Your Email Security Strategy

Many companies think having endpoint threat protection security is enough to keep their data safe. While it is a good start, endpoint security can't protect against new emerging threats. Businesses must have additional layers of phishing prevention and experts who can monitor and mitigate issues. This extra malware protection must learn and adapt to new threats and provide the information and insights needed to make educated decisions.

Protect Email With Sender Authentication

Sender authentication is a way to ensure that the email you receive is actually from the person or company that it claims to be from. This helps protect your email account from phishing and email fraud. Sender authentication can be implemented via three standards and protocols: SPF, DKIM, and DMARC. SPF helps prevent people from pretending to be someone else when emailing. DKIM checks that the email you receive hasn't been changed or faked. SPF and DKIM combine with DMARC email security services to give domain owners more control over their systems and safety. 

Invest in Managed Email Security Services

Fortifying business email against advanced attacks requires that organizations have a fully managed email security software solution with various layers of proactive protection in place. This solution must be designed to combat specific threats, provide the expertise and support needed to safeguard sensitive data, and detect then block threats in real-time. 

Email Security Best Practices

Ukraine Suffers Malware Attacks As War Continues

The cyber war between Russia and Ukraine has escalated, with the Ukrainian government experiencing a surge in cyberattacks. A recent attack involved the infamous information-stealing malware strain AgentTesla, delivered through a lure JPEG thumbnail related to the Russia-Ukraine war. The thumbnail refeagent tesla headlinerenced the Operational Command South (OC South), a Ukrainian military formation in the southern part of the country. Once the PPT file containing the malware was opened and the macro enabled, the malware spread to the targeted system, stealing credentials from web browsers and software programs like Microsoft Outlook.

This is not the first time Ukrainian government entities have been targeted with information-stealing malware. The UAC-0041 hacking collective was previously linked to the delivery of the AgentTesla spyware Trojan in earlier malicious operations against Ukraine. The latest attack also comes from phishing campaigns by the UAC-0056 group, which delivered Cobalt Strike Beacon. Such attacks on militaries and governments demonstrate the value of understanding every type of threat and how to make sure to avoid them.

Keep Learning About Malware Protection

Although different malware variants have different methods for spreading and infecting computers, most malware is delivered via email. Because email plays a pivotal role in business and society, we risk phishing attacks all the time. Luckily, by implementing the tips and practices in this article, you can mitigate the risk and implement malware protection to keep your business safe.

In this article...

Must Read Blog Posts

Latest Blog Articles