The Australian Cyber Security Centre and the United States Cybersecurity and Infrastructure Security Agency have issued a joint advisory on the top eleven malware strains they observed last year, noting that several have been used by criminals for many years.
One of the oldest malware variants in the advisory, Qakbot, which started out as a banking Trojan for information theft, has evolved with new functionality added such as reconnaissance, lateral movement in networks, data gathering and exfiltration, dropping malicious payloads and forming botnets.
Along with banking Trojan Ursnif which is also known as Gozi, criminals have used Qakbot for over a decade now, with the malware infrastructure still active, the cybersecurity agencies said.
Malicious attachments and phishing emails are the favoured attack vectors for criminals to deliver malware such as Trickbot, with one of its developers being arrested in June last year.
Others such as information stealer AZORult, and the GootLoader multi-payload malware platform, can be delivered via infected websites, exploit kits, and droppers.
The full list of top malware of 2021 include:
- Agent Tesla
ACSC and CISA have published signatures for the SNORT intrusion detection system for the above malware strains.
The agencies advised organisations to keep software updated, enforce multi-factor authentication, to secure and monitor remote desktop protocol (RDP) and other such risky services, and keeping offline backups of their data.
End-users should also be provided with security awareness and training, the agencies said.
Longer term, ACSC and CISA suggested that organisations implement network segmentation to prevent the spread of ransomware, and to stop lateral movement by threat actors.
ACSC said it has observed ransomware and data theft incidents in which Australian subsidiaries of multinationals were affected, thanks to assets maintained and hosted by offshore divisions outside their control.