Cybercriminals Use New Attack Vectors to Bypass Traditional Defense Mechanisms

  • Every week, over 1000 cyberattacks are carried out on a single organization globally and over 600 attempts in Poland.
  • The most frequently used tools by cybercriminals were the infostealer Formbook (detected in 3% of organizations worldwide), downloader FakeUpdates (2%), and the remote access trojan Remcos (1%). In Poland, networks were mainly infected by the Nanocore trojan (2.1%), ransomware Snatch (1.95%), and trickler Tofsee (1.78%).
  • The most frequently exploited vulnerability is “Command Injection Over HTTP”, which has affected 45% of organizations worldwide.

An average of 1000 attacks a week on a single organization globally, and 600 attempts a week on a single Polish organization. In November, one of the larger hacker campaigns was AsyncRAT, in which malicious HTML files were used to distribute hidden malware. Cybercriminals are also once again using the JavaScript downloader FakeUpdates, which has become the second most commonly used malicious software in the world, second only to Formbook, according to analysis by cybersecurity specialists from Check Point Research.

The landscape of cyber threats changes practically week by week. Check Point Research experts have revealed the latest data on hacker attacks: in November, a single organization globally faced an average of 1000 attacks per week. In Poland, this figure was much lower, with a single company operating in Poland experiencing on average 600 attempted attacks per week. Although this number may seem large, it is one of the lowest figures in recent years.

Have cybercriminals given up on Polish companies?

The most frequently used tools by cybercriminals were the infostealer Formbook (detected in 3% of organizations worldwide), downloader FakeUpdates (2%), and the remote access trojan Remcos (1%). In Poland, networks were mainly infected by the Nanocore trojan (2.1%), ransomware Snatch (1.95%), and trickler Tofsee (1.78%).

However, security analysts have been particularly attentive to AsyncRAT, a remote access trojan (RAT) known for its ability to remotely monitor and control computer systems undetected. This malware, which last month was the sixth most frequently detected malicious software, uses various file formats, such as PowerShell and BAT, to carry out process injection. In November, it was involved in a campaign where recipients received an email with an embedded link. Upon clicking the link, a malicious HTML file was downloaded, which allowed the trojan to be installed.

The downloader FakeUpdates is also noteworthy. After a two-month hiatus, it has reappeared on the list of most popular malicious programs. Written in JavaScript, this malicious software distribution platform encourages users to run fake browser updates. This has led to further breaches through a variety of other malicious programs, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult. The main targets of FakeUpdates have been organizations in the education and research sectors.

“The AsyncRAT campaign and the resurgence of FakeUpdates underscore a trend where attackers exploit deceptive simplicity to bypass traditional defense mechanisms. These cases emphasize the need for organizations to adopt a multi-layered approach to security, which does not only rely on recognizing known threats, but also has the ability to identify new attack vectors, prevent them, and respond to them before they cause damage,” said Maya Horowitz, vice president of research at Check Point Software.

Check Point Research also revealed that the most frequently exploited vulnerability is “Command Injection Over HTTP”, which has affected 45% of organizations worldwide.