The Australian Cyber Security Centre (ACSC) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory regarding the top malware strains observed being exploited throughout 2021.
According to this advisory, most of these top strains (remote access Trojans (RATs), banking Trojans, information stealers, and ransomware) have been seen in use for over five years, through different variations and evolutions. While malware is used for a variety of purposes, the government agencies point out that ransomware is a primary use case. The most prolific malware users are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information.
The joint advisory highlights the top malware strains being used in attacks for financial gain (banking trojans) and to facilitate ransomware attacks across a variety of industries.
Ursnif, a banking trojan that has been around for several years, has targeted Australians over the last four years through themed spam campaigns claiming to be from the Australian Health Insurance, Medicare as well as impersonating smaller banks and credit unions in Australia.
The Trickbot trojan, which has been observed being used as part of a triple-threat to distribute the Ryuk ransomware in the past, remains one of the most prevalent malware strains seen in attacks in Australia today.
The primary delivery mechanism for most malware strains is malicious emails, either as part of attachments directly within emails or external hyperlinks to download a variety of file types including ZIP archives and ISO files. These include spearphishing campaigns, one of the primary ways that ransomware affects organisations today.
Satnam Narang, Sr. Staff Research Engineer at Tenable commented, “Understanding how these malware strains are delivered can help provide organisations with the knowledge they need to defend against these types of attacks. There’s no single solution that can prevent these types of attacks, which is why it is increasingly important for organisations to use a multifaceted approach, including end-user awareness and training, using anti-virus and anti-malware solutions and secure email gateways, and requiring multifactor authentication for all accounts within your organisation.”
You can read the full advisory here.
