TrickBot and Emotet topped the list of most prolific malware strains in October, helping in the process to drive a surge in ransomware infections, according to new analysis from Check Point Software.
The Tel Aviv-headquartered security vendor compiled its Global Threat Index for October 2020 from data flowing through its ThreatCloud threat intelligence system, which is said to inspect over 2.5 billion websites and 500 million files daily.
Emotet emerged as the most prevalent malware last month, accounting for 12% of infected organizations. TrickBot and Android malware Hiddad came next, with a global impact of 4% each.
Both Emotet and TrickBot started life as banking Trojans, but have evolved significantly in recent years and now feature advanced modular functionality to enable everything from crytojacking and ransomware to sophisticated data theft.
Increasingly, they’re being used to provide access for attackers and maintain persistence in victim networks as a precursor to additional malware downloads such as ransomware.
This has led to a 71% increase in ransomware attacks on US healthcare organizations last month versus September, whilst the figures jumped 36% in EMEA and 33% in APAC, according to Check Point.
“We’ve seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organizations scrambled to support remote workforces. These have surged alarmingly over the past three months, especially against the healthcare sector, and are driven by pre-existing TrickBot and Emotet infections,” explained Maya Horowitz, director of threat intelligence and research, products at Check Point.
“We strongly urge healthcare organizations everywhere to be extra vigilant about this risk, and scan for these infections before they can cause real damage by being the gateway to a ransomware attack.”
The findings chime with those of HP Inc, which revealed last week that attacks using the Emotet Trojan soared by over 1200% from Q2 to the third quarter of this year.