Check Point: TrickBot Emerges as UAE’s Top Malware Threat

Check Point Research (CPR) reports TrickBot Emerges as UAE’s Top Malware Threat impacting 7% of the organisations, however Emotet trojan continued to reign as the top malware globally in January 2021, and its impact was seen across 6% of organisations in the UAE

0 912
Ram Narayanan, Check Point Software Technologies Middle East
Ram Narayanan, Check Point Software Technologies Middle East

Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd., has published its latest UAE Threat Index for January 2021. Researchers found that banking trojan Trickbot impacted 7% of organisations in the UAE, while the Emotet trojan which has remained in first place in the top malware list globally for a second month running impacting 6% of businesses in the UAE.

Trickbot is a modular Banking Trojan that targets the Windows platform and is mostly delivered via spam campaigns or other malware families such as Emotet. Trickbot sends information about the infected system and can also download and execute arbitrary modules from a large array of available modules: from a VNC module for remote control, to an SMB module for spreading within a compromised network. Once a machine is infected, the Trickbot gang, the threat actors behind this malware, utilise this wide array of modules not only to steal banking credentials from the target PC, but also for lateral movement and reconnaissance on the targeted organisation itself, prior to delivering a company-wide targeted ransomware attack.

After an international police takedown on January 27, 2021, Emotet witnessed a 14% decrease in the number of organisations that were impacted by the botnet activity, and law enforcement agencies plan to mass-uninstall Emotet from infected hosts on April 25thFirst identified in 2014, Emotet has been regularly updated by its developers to maintain its effectiveness for malicious activity.  Emotet maintained the top position in Check Point’s Global Threat Index, highlighting the vast global impact this botnet has had.

“We’re seeing an increase in ransomware and malware attacks in the UAE since the pandemic began last year. While Emotet continues to impact businesses, it is interesting to see how quickly Trickbot has evolved as top malware targeting organisations in the UAE,” said Ram Narayanan, Country Manager, Check Point Software Technologies – Middle East. “Considering UAE is currently ranked no 32 on the high-risk index, businesses must be extra vigilant and deploy efficient technologies to prevent these attacks in real time to ensure these malwares don’t cause further serious damage by being the gateway to a ransomware attack. It is also important for businesses to continue providing comprehensive training for employees to identify malicious emails and avoid the spread of trojans and bots.”

Top malware families impacting UAE businesses in January 2021

Trickbot ranks as the most popular malware with a UAE-wide impact of 7%, closely followed by Emotet and Hiddad impacting of 6% of organisations each.

  1. Trickbot – Trickbot is a dominant banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customisable malware that can be distributed as part of multi purposed campaigns.
  2. Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was once a banking Trojan, and recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
  3. Hiddad – Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Top mobile malwares impacting UAE businesses

Hiddad is followed closely by xHelper, a malicious application seen in the wild since March 2019, and used for downloading other malicious apps and display advertisement, impacting 5% of users. The application is capable of hiding itself from the user, and reinstall itself in case it was uninstalled.

Remote access trojan, njRAT which targets mainly government agencies and organisations in the Middle East impacted 3% of UAE organisations. The Trojan first emerged on 2012 and has multiple capabilities from capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop. njRAT infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software.

Leave A Reply

Your email address will not be published.

Join our mailing list
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.