The Australian Cyber Security Centre (ACSC) and the United States Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory on the top 11 malware strains seen over the past year, saying many have been used by criminals for years.
One of the oldest malware variants in the advisory, Qakbot, which started as a banking trojan for information theft, has evolved to add new functionality such as reconnaissance, lateral movement across networks, data collection and exfiltration, delivering malicious payloads, and forming botnets.
The cybersecurity authorities said that, along with the banking trojan Ursnif, also known as Gozi, Qakbot has been used by criminals for more than a decade, and the malware's infrastructure is still active.
Malicious attachments and phishing emails are the attack vectors of choice for criminals spreading malware such as TrickBot, one of whose developers was arrested in June last year.
Others, such as the information stealer AZORult and the multi-payload malware platform GootLoader, can be distributed via infected websites, exploit kits, and droppers.
The full list of top malware for 2021 includes:
- Agent Tesla
- FormBook
- Ursnif
- MOUSEISLAND
- Qakbot
- TrickBot
- GootLoader
ACSC and CISA have released Snort intrusion detection system signatures for the above malware strains.
The agencies advised businesses to keep software updated, implement multi-factor authentication, secure and monitor Remote Desktop Protocol (RDP) and other such risky services, and keep offline backups of their data.
The agencies said security awareness training should also be provided for end users.
ACSC and CISA have long suggested that organizations implement network segmentation to prevent the spread of ransomware and to limit lateral movement by threat actors.
The ACSC said it has seen incidents of ransomware and data theft affecting Australian subsidiaries of multinationals thanks to assets managed and hosted by offshore departments outside of their control.