The Center for Internet Security (CIS) regularly publishes a blog post on the Top 10 Malware for each month. In July 2020, the top 10 malware variants encountered included many new variants. Specifically, 54 percent of the located malware infections were attributed to Shlayer. Shlayer is designed to infect macOS devices with other variants of malware once installed. Shlayer was mainly distributed through infected webpages, compromised domains, and a fake Adobe Flash updater advertising campaign. Email and malspam were a prevalent initial infection vector, although malvertisement surpassed malspam for the first time in over a year. (Center for Internet Security, 2020)
Check out the full blog post here: https://www.cisecurity.org/blog/top-10-malware-july-2020/
Only two percent of the top malware infections were attributed to TrickBot, which is a significant decrease. TrickBot is notorious for dropping the Ryuk ransomware. TrickBot is a banking trojan that propagates across the network via a vulnerability in the Server Message Block (SMB) protocol. (Center for Internet Security, 2020)
Ryuk is one of the most destructive ransomware variants when it comes to state, local, tribal, and territorial entities. Ryuk was identified as the number one ransomware variant in 2019, as nearly a quarter of the incidents reported to the MS-ISAC involved Ryuk. (Center for Internet Security, 2020) Banking trojans and ransomware variants are some of the most significant actors in the world of malware. While other malware variants are still in existence, many cybercrime organizations have pivoted to ransomware due to its increasingly high payouts.
In their 2020 State of Malware Report, Malwarebytes noted the effectiveness of TrickBot and Emotet teaming up with ransomware families to wreak havoc on many entities’ networks. TrickBot and Emotet have been observed dropping Ryuk, Sodinokibi, and Phobos. Sodinokibi has been reported to implement a ransomware-as-a-service threat model. There is also a suspicion that Sodinokibi is operated by the same cybercrime organization responsible for the GandCrab ransomware. The cybercriminals utilizing Sodinokibi have been known to compromise managed service providers (MSPs) to distribute ransomware more efficiently. Once the MSP is compromised, the cybercriminals are able to push Sodinokibi to the MSP’s clients. (Malwarebytes, 2020)
Center for Internet Security. (2020). Security Primer – Ryuk. Retrieved from cisecurity.org: https://www.cisecurity.org/white-papers/security-primer-ryuk/
Center for Internet Security. (2020, August). Top 10 Malware July 2020. Retrieved from cisecurity.org: https://www.cisecurity.org/blog/top-10-malware-july-2020/
Malwarebytes. (2020, February). 2020 State of Malware Report. Retrieved from malwarebytes.com: https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf