As many as 1700 attacks per week. Here is the ranking of the main threats in the Polish network

  • The number of attacks using infostealers, tools designed to steal data from computers, is increasing. Among them we find Russian software that is increasingly targeting Polish companies.
  • The most commonly detected malicious software worldwide was FakeUpdates (also known as SocGholish), which affected 6% of organizations globally.
  • In October, Polish companies were attacked anywhere from 1482 to 1704 times per week on average, and cybercriminals most often used the multi-platform malware Androxgh0st.

The number of attacks using infostealers, i.e. tools that steal data from computers, is growing. Among them is Russian software that is increasingly attacking Polish companies, warns Check Point Software. Experts also emphasize the increasingly advanced methods of cyberattacks.

According to data from cybersecurity analysts, in October 2024 the most commonly detected malicious software was FakeUpdates (also known as SocGholish), which impacted 6% of organizations globally. FakeUpdates is a JavaScript-based downloader that saves malicious payloads to disk before executing them. This software opens the door to other threats such as GootLoader, Dridex, and AZORult, making it an extremely dangerous tool in the hands of cybercriminals.

Check Point Research also provided information about attacks in Poland. In October, Polish businesses were attacked anywhere from 1482 to 1704 times weekly on average, and cybercriminals most often used the multi-platform malware Androxgh0st. This malware exploits vulnerabilities in popular frameworks such as PHPUnit and Laravel. It steals sensitive data, including authentication information for various services such as Twilio and AWS. Androxgh0st is particularly dangerous for companies because it infects servers and computers through known vulnerabilities, and it has been detected in nearly 5.5% of Polish business networks.

Second place was taken by Lumma Stealer, an infostealer originating from Russia and offered as Malware-as-a-Service (MaaS). This program steals login data from web browsers and cryptocurrency wallets. Its innovative distribution methods, such as fake CAPTCHA pages, make it effective and hard to detect. It has affected 3.5% of Polish networks.

Completing the Polish podium, with an impact of 3%, was CrimsonRAT, a remote access trojan that uses Java. It is spread via spam campaigns containing malicious Microsoft Office documents. Once a computer is infected, CrimsonRAT can control it and perform various malicious operations.

Check Point Research analysts note that one of the latest trends is the use of fake CAPTCHA pages for the distribution of the Russian software Lumma Stealer (No. 2 in Poland, No. 4 globally). This global campaign affects users through infected game download links and phishing aimed at GitHub programmers. Malicious scripts are copied to the users’ clipboard and then executed, allowing infostealers to steal authentication data and other sensitive information.

"The increase in sophisticated infostealers highlights a changing cyber-reality. Hackers are modifying their methods and utilizing innovative attack vectors. Organizations need to move beyond traditional defensive methods, adopting proactive and adaptive security measures that anticipate emerging threats to effectively counter these persistent challenges," says Maya Horowitz, Vice President of Research at Check Point Software.

The number of attacks using a new version of Necro, a type of malicious software for mobile devices, has increased. It has infected applications available on Google Play, reaching over 11 million devices. Necro hides its malicious payloads using steganography, which allows for displaying hidden ads and signing users up for paid services without their knowledge.

Source: https://ceo.com.pl/nawet-1700-atakow-w-tygodniu-oto-ranking-glownych-zagrozen-w-polskiej-sieci-70504
