Education, Research the Most Attacked Industries in Cyberspace


Cyber security firm Check Point Research has published its latest Global Threat Index for October 2021.

According to the report, the modular botnet and banking trojan, Trickbot, remains at the top of the most prevalent malware list, affecting 4% of organizations worldwide, while “Apache HTTP Server Directory Traversal” has entered the top ten list of exploited vulnerabilities. 

Check Point has also revealed that the most attacked industry is Education/Research.

Trickbot has been known to steal financial details, account credentials, and personally identifiable information, as well as spread laterally within a network and drop ransomware.

Since the Emotet takedown in January, Trickbot has featured at the top of the most prevalent malware list five times.

It is constantly being updated with new capabilities, features, and distribution vectors, which make it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

Furthermore, a new vulnerability, “Apache HTTP Server Directory Traversal”, has entered the top ten list of exploited vulnerabilities for October, in tenth place.

“The Apache vulnerability only came to light early in October and is already one of the top ten most exploited vulnerabilities worldwide, showing how fast attackers move. This vulnerability can lead threat actors to map URLs to files outside the expected document root by launching a path traversal attack,” said Maya Horowitz, VP Research at Check Point Software. 

Check Point also revealed this month that Education/Research is the most attacked industry globally, followed by Communications and Government/Military. 

“Web Servers Malicious URL Directory Traversal” is the most commonly exploited vulnerability, impacting 60% of organizations globally, followed by “Web Server Exposed Git Repository Information Disclosure”, which affects 55% of organizations worldwide.

“HTTP Headers Remote Code Execution” remains in third place in the top exploited vulnerabilities list, with a global impact of 54%.

Here is a summary of the firm’s report:

Top Malware Families

This month, Trickbot is the most popular malware, impacting 4% of organizations worldwide, followed by XMRig with 3% and Remcos with 2%.

In Kenya, the most popular malware is Floxif, impacting 17.24% of organizations in the country, followed by Ramnit with 12.64% and XMRig with 8.05%.

  1. Floxif – Floxif is an info stealer and backdoor designed for Windows OS. It was used in 2017 as part of a large-scale campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleanup utility), thus infecting more than 2 million users, amongst them large tech companies such as Google, Microsoft, Cisco, and Intel.
  2. Ramnit – Ramnit is a banking Trojan which incorporates lateral movement capabilities. Ramnit steals web session information, enabling the worm operators to steal account credentials for all services used by the victim, including bank accounts and corporate and social network accounts.
  3. XMRig – First seen in the wild in May 2017, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency.

Top Mobile Malware

This month, xHelper remains in first place among the most prevalent mobile malware, followed by AlienBot and XLoader.

  1. xHelper – A malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying advertisements. The application is capable of hiding itself from the user and can even reinstall itself in the event that it was uninstalled.
  2. AlienBot – The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their device.
  3. XLoader – XLoader is an Android spyware and banking Trojan developed by the Yanbian Gang, a Chinese hacker group. This malware uses DNS spoofing to distribute infected Android apps to collect personal and financial information.

Top Attacked Industries Globally

This month, Education/Research is the most attacked industry globally, followed by Communications and Government/Military.

  1. Education/Research
  2. Communications
  3. Government/Military