CISA & ACSC Name 2021’s Top Malware

 The US Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most detected 2021 malware strains in a joint advisory with the Australian Cyber Security Centre (ACSC). 

The cyber security agencies said that in 2021, the top malware types included remote access Trojans (RATs), banking Trojans, information stealers and ransomware. 

CISA and ACSC have been monitoring ransomware, rootkits, spyware, trojans, viruses, and worms and the top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.

Of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.

These malware families' longevity is due to their developers' ongoing efforts to upgrade them by adding new capabilities and ways to evade detection.  

"Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations," the cyber security agencies said. "The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information. Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences," the agencies added. "Many malware developers often operate from locations with few legal prohibitions against malware development and deployment."

Malware Security Suggestions 

The joint advisory includes Snort signatures for all malware in the top to detect payloads by monitoring network traffic and a list of mitigation measures. CISA and ACSC encourage admins and security teams to apply the following mitigations to defend against malware attacks:

  • Update software, including operating systems, applications, and firmware, on I.T. network assets.
  • Enforce MFA to the greatest extent possible.
  • If you use RDP and/or other potentially risky services, secure and monitor them closely.
  • Maintain offline, physically disconnected, backups of data.
  • Provide end-user awareness and training to help block social engineering and spear phishing attacks.
  • Implement network segmentation to separate network segments based on role and functionality

To mitigate the risk of malware attacks, organisations are strongly advised to train employees and users to be alert the sources of malware and remedial actions to take once infection is identified.

CISA:     ACS:   The Record:    Security MagazineCybersecurity Dive:   Bleeping Computer:   SC Magazine:  

You Might Also Read:

A Short Guide To Ransomware:

 

« Cyber Attack On London Crypto Exchange
Killnet Turn Their Attention To Lockheed Martin »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.