CISA & ACSC Name 2021’s Top Malware

 The US Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most detected 2021 malware strains in a joint advisory with the Australian Cyber Security Centre (ACSC). 

The cyber security agencies said that in 2021, the top malware types included remote access Trojans (RATs), banking Trojans, information stealers and ransomware. 

CISA and ACSC have been monitoring ransomware, rootkits, spyware, trojans, viruses, and worms. The top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.

Of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.

These malware families' longevity is due to their developers' ongoing efforts to upgrade them by adding new capabilities and ways to evade detection.  

"Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations," the cyber security agencies said. "The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information. Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences," the agencies added. "Many malware developers often operate from locations with few legal prohibitions against malware development and deployment."

Malware Security Suggestions 

The joint advisory includes Snort signatures for all of the top malware strains, which detect payloads by monitoring network traffic, and a list of mitigation measures. CISA and ACSC encourage admins and security teams to apply the following mitigations to defend against malware attacks:

  • Update software, including operating systems, applications, and firmware, on I.T. network assets.
  • Enforce MFA to the greatest extent possible.
  • If you use RDP and/or other potentially risky services, secure and monitor them closely.
  • Maintain offline, physically disconnected, backups of data.
  • Provide end-user awareness and training to help block social engineering and spear phishing attacks.
  • Implement network segmentation to separate network segments based on role and functionality.

To mitigate the risk of malware attacks, organisations are strongly advised to train employees and users to be alert to the sources of malware and to the remedial actions to take once an infection is identified.

Sources: CISA; ACSC; The Record; Security Magazine; Cybersecurity Dive; Bleeping Computer; SC Magazine
