<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<base href="https://tripwire.atlassian.net"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.xmsobodytext, li.xmsobodytext, div.xmsobodytext
{mso-style-name:x_msobodytext;
margin-top:12.55pt;
margin-right:31.7pt;
margin-bottom:0in;
margin-left:0in;
text-autospace:none;
font-size:11.0pt;
font-family:"Franklin Gothic Book",sans-serif;}
p.xmsonospacing, li.xmsonospacing, div.xmsonospacing
{mso-style-name:x_msonospacing;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.xmsolistparagraph, li.xmsolistparagraph, div.xmsolistparagraph
{mso-style-name:x_msolistparagraph;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:777676245;
mso-list-template-ids:-1095073376;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1074741910;
mso-list-template-ids:-2036707844;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) published a
<a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-216a">Cybersecurity Advisory (CSA)</a> that provides details on the 2021 top malware strains used by malicious cyber actors to covertly compromise and then gain unauthorized access to a computer or mobile
device. </span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">In the joint CSA titled, “</span><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-216a"><span style="font-family:"Franklin Gothic Book",sans-serif">2021
Top Malware Strains</span></a><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">,” the top malware strains fell into four categories: he top malware strains fell into four categories:
</span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="xmsolistparagraph" style="color:black;margin-left:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Remote access Trojans (RATs) that open backdoor, enabling an adversary administrative control over the victim’s computer;
</span><o:p></o:p></li><li class="xmsolistparagraph" style="color:black;margin-left:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Banking Trojans that can create botnets, steal credentials, inject malicious code into browsers, or steak money;
</span><o:p></o:p></li><li class="xmsolistparagraph" style="color:black;margin-left:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Information stealers, which are commonly used to gather login information, like usernames and passwords and then sends it to adversary; and
</span><o:p></o:p></li><li class="xmsolistparagraph" style="color:black;margin-left:0in;mso-list:l1 level1 lfo3;vertical-align:baseline">
<span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Ransomware, which blocks access to a computer system or files until a ransom is paid to cyber criminals.</span><o:p></o:p></li></ul>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Based on U.S. and Australian government reporting, the top malware strains of 2021 are:
</span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="margin-left:40.25pt;border-collapse:collapse">
<tbody>
<tr>
<td width="102" valign="top" style="width:76.5pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" align="center" style="text-align:center;vertical-align:baseline">
<span style="font-family:"Franklin Gothic Book",sans-serif;color:black">RAT</span><o:p></o:p></p>
</td>
<td width="126" valign="top" style="width:94.5pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" align="center" style="text-align:center;vertical-align:baseline">
<span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Banking Trojan</span><o:p></o:p></p>
</td>
<td width="147" valign="top" style="width:110.45pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" align="center" style="text-align:center;vertical-align:baseline">
<span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Information Stealer</span><o:p></o:p></p>
</td>
<td width="159" valign="top" style="width:119.05pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" align="center" style="text-align:center;vertical-align:baseline">
<span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Ransomware</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td width="102" valign="top" style="width:76.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* Agent Tesla</span><o:p></o:p></p>
</td>
<td width="126" valign="top" style="width:94.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">** Ursnif</span><o:p></o:p></p>
</td>
<td width="147" valign="top" style="width:110.45pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* AZORult</span><o:p></o:p></p>
</td>
<td width="159" valign="top" style="width:119.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">MOUSEISLAND</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td width="102" valign="top" style="width:76.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* NanoCore</span><o:p></o:p></p>
</td>
<td width="126" valign="top" style="width:94.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">** Qakbot</span><o:p></o:p></p>
</td>
<td width="147" valign="top" style="width:110.45pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* Formbook</span><o:p></o:p></p>
</td>
<td width="159" valign="top" style="width:119.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">GootLoader (<i>multi-use</i>)</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td width="102" valign="top" style="width:76.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* Remcos</span><o:p></o:p></p>
</td>
<td width="126" valign="top" style="width:94.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* TrickBot</span><o:p></o:p></p>
</td>
<td width="147" valign="top" style="width:110.45pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">* LokiBot</span><o:p></o:p></p>
</td>
<td width="159" valign="top" style="width:119.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="xmsonormal"><span style="font-size:12.0pt;color:white"> </span><o:p></o:p></p>
<p class="xmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif">Of these strains, seven (*) malware strains have been used by malicious actors for at least five years, while two (**) have been in use for more than a decade. The most prolific
malware users are cyber criminals, who leverage the malware to deliver ransomware or facilitate theft of personal and financial information.</span><o:p></o:p></p>
<p class="xmsonospacing" style="margin-left:.5in"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">The advisory provides a summary of each strain, which includes an overview, years active, delivery method, detection signatures, and
resources that can help organizations assess and defend their networks. Nearly all of the strains are often delivered via phishing email with malicious attachment or hyperlink. A few of the strains are delivered through infected websites and/or exploit kits
or via dropper malware, such as AZORult and Gootloader. </span><o:p></o:p></p>
<p class="xmsobodytext" style="margin-bottom:12.0pt"><span style="color:black">CISA and ACSC encourage organizations to review the joint CSA and apply the recommended mitigations, which include applying timely patches to systems, implementing user training,
securing remote desktop protocol (RDP), patching all systems especially for known exploited vulnerabilities, making offline backups of data, and using multifactor authentication (MFA).
</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D8A7E1.2CBE2A50"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
</div>
</body>
</html>