The US CISA and the Australian ACSC have published a joint advisory on the top malware strains of 2021.
CISA and ACSC have been monitoring ransomware, rootkits, spyware, trojans, viruses, and worms, but trojans dominated the landscape last year, when Agent Tesla, AZORult, FormBook, GootLoader, LokiBot, MouseIsland, NanoCore, Qakbot, Remcos, TrickBot, and Ursnif were the top malware strains.
Qakbot and Ursnif have been used for more than a decade. Agent Tesla, AZORult, FormBook, LokiBot, NanoCore, Remcos, and Ursnif are trojans used to steal victims’ information, while GootLoader, Qakbot, and TrickBot are used to deploy additional payloads.
TrickBot has been observed enabling initial access for Conti ransomware, which accounted for roughly 450 ransomware attacks in the first half of 2021.
Agent Tesla and Remcos are two trojans that have been offered as legitimate tools for pentesting and remote management, and cybercriminals can purchase them online at low cost.
To mitigate the risk from these malware attacks, organizations should keep their software and operating systems updated, implement network segmentation, enforce MFA, secure and monitor RDP and other risky services, create offline backups of their data, and educate employees and users on how to identify social engineering and phishing attempts.