A Year in Malware – The Nastiest Malware of 2022
Much of our time this year has been spent working with our clients, making sure they’re ready to fend off newly emerging cyber threats or malware strains. So to look back at the year, we thought we’d round up what many experts agree has been the nastiest malware of 2022.
No. 1: Emotet
At the top of the list is Emotet. Chances are you haven’t heard of it by that name, but it’s a trojan that’s spread by spam email and is a go-to solution for cybercriminals. It usually looks like a genuine email with familiar branding, but it tries to persuade the recipient to click a malicious link (using language like ‘your invoice’ or ‘payment details’. It may also look like it’s from a parcel company). This malware goes through your contact list and sends itself to family, friends, colleagues and clients. Then, it looks less like spam, because it has come from your email account. Typical initial access technique: Macro-enabled document file, which spreads through spam emails (malspam). Emotet uses social engineering tricks to look legitimate and deceive the victim into downloading the malicious Office file and enabling macros.
No. 2: LockBit
In the second position is LockBit. This is ransomware that’s designed to block access to your files and systems when cyber criminals encrypt them. They ask you to pay a ransom for the decryption key (which often they still don’t hand over even when you’ve paid). This is a targeted attack that spreads itself once it’s infiltrated one device on a network. In fact, it can ‘live’ for weeks inside a network before the attack is launched. Typical initial access technique: Compromised servers or RDP accounts that are usually purchased/obtained from affiliates.
No. 3: Conti
In third place is Conti, another form of ransomware. This strain of ransomware is differentiated from other strains by the speed at which it is able to encrypt files and spread them to different systems. Conti ransomware also employs a “double-extortion” technique, which not only encrypts the victims’ data and demands payment but also takes copies of the victims’ data. The attackers will expose or sell the copied data if the victim refuses to pay. Typical initial access technique: Trickinh an employee into handing over credentials, typically through some form of social engineering technique. In some cases, they will exploit vulnerable firewalls or target any internet-facing RDP (Remote Desktop Protocol) servers in order to access the network.
No. 4: Qbot
In the fourth position is Qbot, also known as QakBot, QuackBot and Pinkslipbot. This is a trojan designed to steal banking information and passwords. Typical initial access technique: Phishing emails containing malicious documents, attachments, or password-protected archives with the documents attached. Some versions were observed being distributed by a dropper, such as Emotet (see above).
Cybersecurity Best Practices
It may all sound scary, but there’s plenty you can do to give your business greater protection from these threats:
- Keep your entire network and all devices updated with consistent monitoring, 24x7x365.
- Don’t download suspicious attachments or click links unless you’re certain they’re genuine.
- Practice strong password hygiene, including multi-factor authentication, password managers, biometrics and Passkeys where available.
- Give your people access to only the systems and files they need. Remove ex-employees from your network immediately.
- Create and regularly check back-ups.
- Educate your people regularly.
We can help with all of this – just get in touch!