This botnet has returned to action to spread a new ransomware campaign through phishing emails


A notorious botnet campaign has increased in activity over the past month, with cybercriminals using it to distribute a ransomware campaign alongside other malware.

Researchers from cybersecurity provider Check Point analyzed the most common cyber threats directed at organizations in their June 2020 Most Wanted Malware report and saw a huge increase in attacks via the Phorpiex botnet.

Phorpiex is known for distributing a number of malware and spam campaigns, including large-scale sextortion email campaigns, and over the course of June the number of detections increased significantly compared to May.


The increase in Phorpiex detections grew to such an extent that it was the second-most-detected malware campaign during June, after being ranked 13th in May. The number of attack attempts was so high that 2% of organizations were attacked by the botnet.

The botnet sends spam emails that attempt to deliver a malicious payload to victims. For the past month it has been used to drive an Avaddon ransomware campaign.

This particular ransomware family only appeared in June. Phorpiex tries to lure victims into opening a Zip attachment in a phishing email whose subject line is a wink emoji. It may sound like a basic form of cyber attack, but criminals wouldn't use it if it didn't work.
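As an added illustration of the lure described above (this is example code, not from the article or from Check Point), the following triage filter flags messages that combine the two traits the campaign is reported to use: a subject line that is nothing but an emoji and a .zip attachment. The sample messages, sender addresses and attachment names are constructed for the demo; a real mail gateway would feed it the raw RFC 822 bytes it already has.

```python
"""Triage filter for the emoji-subject / zip-attachment phishing lure.

Added example, not part of the original article. The messages built by
build_sample() are constructed purely for demonstration.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional


def subject_is_emoji_only(subject: str) -> bool:
    """True when the subject contains no letters or digits at all.

    A subject that is only an emoji (or only punctuation) has no
    alphanumeric characters, which is the trait we want to catch.
    """
    stripped = subject.strip()
    return bool(stripped) and not any(ch.isalnum() for ch in stripped)


def zip_attachments(msg: EmailMessage) -> List[str]:
    """Return the filenames of attachments that end in .zip (case-insensitive)."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            names.append(name)
    return names


def score_message(raw: bytes) -> dict:
    """Parse a raw message and report whether it matches the lure pattern.

    'suspicious' is only set when BOTH traits are present, so a harmless
    zip sent with a normal subject, or an emoji-only subject with no
    attachment, is reported but not flagged.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    zips = zip_attachments(msg)
    reasons = []
    if subject_is_emoji_only(subject):
        reasons.append("emoji-only subject")
    if zips:
        reasons.append("zip attachment: " + ", ".join(zips))
    return {"subject": subject, "suspicious": len(reasons) == 2, "reasons": reasons}


def build_sample(subject: str, body: str, attachment_name: Optional[str]) -> bytes:
    """Construct a sample message (demo data only) and serialise it to bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        # Not a real archive: just a few bytes so the part has content.
        m.add_attachment(b"PK\x03\x04constructed-demo-bytes",
                         maintype="application", subtype="zip",
                         filename=attachment_name)
    return m.as_bytes()


# Constructed samples: one matching lure, two benign-looking controls.
SAMPLES = {
    "lure": build_sample("\U0001F609", "", "IMG_0293.zip"),
    "zip_with_real_subject": build_sample("Q2 report", "See attached.", "q2-report.zip"),
    "emoji_no_attachment": build_sample("\U0001F609", "hi", None),
}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, score_message(raw))
```

The two-trait rule keeps the false-positive rate low: either trait alone is common in legitimate mail, so the filter only escalates when both appear together, and it returns the reasons so an analyst can see why a message was flagged.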

Previously, Phorpiex, which is also known as Trik, has been used to distribute spam campaigns for other forms of ransomware, including GandCrab and Pony, as well as to mine cryptocurrencies on infected machines.

“Organizations should educate employees on how to identify the types of spam that these threats carry, such as the latest campaign targeting users with emails containing a winking emoji, and ensuring that they implement security that actively prevents them from infecting their networks,” Check Point researchers warned in a blog post.

While Phorpiex attacks have increased significantly, the most commonly detected malware during June was Agent Tesla, an advanced remote access Trojan that was detected targeting 3% of organizations.

Agent Tesla is an information stealer and keylogger, giving attackers the ability to see absolutely everything on the infected computer, including usernames, passwords, browser history, system information and more: everything it takes to compromise a network.

The third most commonly detected malware in June was XMRig, an open source cryptocurrency mining malware that uses the CPU power of infected machines to generate Monero. It has been active since May 2017.


The rest of the top 10 Most Wanted Malware for June is made up of known names like Dridex, Trickbot, Ramnit and Emotet, which have long been staples of cybercriminal activity, either stealing information or being used as a springboard for longer, more destructive campaigns. For example, Trickbot and Emotet are often used as the first stage of large-scale ransomware attacks.

Many of the common forms of malware rely on vulnerabilities that have been known for a long time, so organizations can protect against them by applying security patches, which in some cases have been available for years.
