[CDP-development] CISA and ACSC joint Cybersecurity Advisory on 2021 Top Malware Strains

Masse, Theresa theresa.masse at cisa.dhs.gov
Thu Aug 4 09:07:10 PDT 2022


FYSA



The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) published a Cybersecurity Advisory (CSA)<https://www.cisa.gov/uscert/ncas/alerts/aa22-216a> that provides details on the 2021 top malware strains used by malicious cyber actors to covertly compromise and then gain unauthorized access to a computer or mobile device.



In the joint CSA titled, “2021 Top Malware Strains<https://www.cisa.gov/uscert/ncas/alerts/aa22-216a>,” the top malware strains fell into four categories:

  *   Remote access Trojans (RATs) that open a backdoor, giving an adversary administrative control over the victim’s computer;
  *   Banking Trojans that can create botnets, steal credentials, inject malicious code into browsers, or steal money;
  *   Information stealers, which are commonly used to gather login information, such as usernames and passwords, and then send it to the adversary; and
  *   Ransomware, which blocks access to a computer system or files until a ransom is paid to cyber criminals.



Based on U.S. and Australian government reporting, the top malware strains of 2021 are:



  RAT             Banking Trojan    Information Stealer    Ransomware
  -------------   ---------------   --------------------   ----------------------
  * Agent Tesla   ** Ursnif         * AZORult              MOUSEISLAND
  * NanoCore      ** Qakbot         * Formbook             GootLoader (multi-use)
  * Remcos        * TrickBot        * LokiBot

Of these strains, seven (*) malware strains have been used by malicious actors for at least five years, while two (**) have been in use for more than a decade. The most prolific malware users are cyber criminals, who leverage the malware to deliver ransomware or facilitate theft of personal and financial information.



The advisory provides a summary of each strain, which includes an overview, years active, delivery method, detection signatures, and resources that can help organizations assess and defend their networks. Nearly all of the strains are often delivered via a phishing email with a malicious attachment or hyperlink. A few of the strains are delivered through infected websites and/or exploit kits, or via dropper malware, such as AZORult and GootLoader.

CISA and ACSC encourage organizations to review the joint CSA and apply the recommended mitigations, which include applying timely patches to systems, implementing user training, securing remote desktop protocol (RDP), patching all systems especially for known exploited vulnerabilities, making offline backups of data, and using multifactor authentication (MFA).

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
