February 2020’s Most Wanted Malware 145 0 Kommentare Increase in Exploits Spreading the Mirai Botnet to IoT Devices - Seite 2

Top malware families
*The arrows relate to the change in rank compared to the previous month.

This month, XMRig moved up to first place, impacting 7% of organizations globally, followed by Emotet and Jsecoin impacting 6% and 5% of organizations worldwide respectively.

↑ XMRig - XMRig is an open-source CPU mining software used for mining the Monero cryptocurrency, and was first seen in-the-wild on May 2017.
↓ Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet used to be primarily a banking Trojan, but recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence, and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
↑Jsecoin - Jsecoin is a web-based crypto-miner designed to perform online mining of Monero cryptocurrency when a user visits a particular web page. The implanted JavaScript uses a large amount of the end user machines¿ computational resources to mine coins, thus impacting the system performance.

Top exploited vulnerabilities
This month, the “MVPower DVR Remote Code Execution” remained the most common exploited vulnerability, impacting 31% of organizations globally, closely followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure” with a global impact of 28%. In the 3rd place “PHP DIESCAN information disclosure” vulnerability impacting 27% of organizations worldwide.

1. MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
2. ↑ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.
3. PHP DIESCAN information disclosure- An information disclosure vulnerability has been reported in the PHP pages. Successful exploitation could lead to the disclosure of sensitive information from the server.