This is shown by the new threat report from G DATA CyberDefense. Criminal actors are currently using Berbew, Neojitt and FormBook in particular to attack private users and companies.

In mid-December 2021, the BSI announced a red warning level for the Log4J (also called Log4Shell) security vulnerability. Even back then, the authority warned that cybercriminals were actively exploiting the vulnerability. These fears are now coming true, as the current threat report from G DATA CyberDefense shows. Instead of new waves of attacks, cybercriminals are currently launching targeted attacks on companies that they had already infiltrated via the security gap at the end of the year. At that time, the attackers installed backdoors unnoticed, which they are now using to inject further malicious code into the network and even to encrypt data. What is particularly dramatic is that still not all companies have closed this vulnerability, so they continue to be a potential target for cybercriminals, who also have the appropriate tools to find and infiltrate these exposed systems.

“Unfortunately, the fears from the beginning of the year regarding the exploitation of the security gap in Log4J are coming true. Because it is so easy to exploit, criminals have compromised hundreds of thousands of systems in advance and have only recently begun to monetize these infections by deploying ransomware. Anyone who has installed the security update provided early should be on the safe side.”

Tim Berghoff, Security Evangelist at G DATA CyberDefense

As in the second quarter, the number of new cyber attacks is declining. In a comparison between the third and second quarters of 2022, the number of attacks averted fell by 13.7 percent. The decline is greater among consumers than among companies. The number of averted attacks on business customers fell by 7.5 percent from the second to the third quarter, and by almost 15 percent for private customers.

New attack routes into the network

Cybercriminals are currently using the Berbew, Neojitt and FormBook malware to attack systems. Berbew is a Trojan that reads passwords and sends them to a remote web server. Berbew also acts as a web proxy, allowing attackers to use the infected system as a relay for remote access to other systems. Cybercriminals distribute the Trojan via email as an attachment with malicious code or via file-sharing programs.

FormBook is an infostealer that exfiltrates data from infected systems, such as credentials cached in web browsers or screenshots. It also offers a downloader function, allowing attackers to execute malicious files on an infected system. FormBook is so popular precisely because it is marketed on underground forums at a bargain price as malware-as-a-service (MaaS).

No reason to give the all-clear

Despite the declining numbers, IT security in Germany is in poor shape, because attackers consistently exploit security gaps to compromise companies. Inattentive employees also repeatedly open the door to cybercriminals when they fall for phishing emails and open attachments with malicious code or reveal access data on fake websites. Many companies still have some catching up to do here, both when it comes to technological protective measures and when it comes to security awareness.

Source: Press release
