The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre (ACSC).
“Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations,” the cybersecurity agencies said.
“The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information.”
The top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader.
Out of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.
These malware families’ longevity is due to their developers’ ongoing efforts to upgrade them by adding new capabilities and ways to evade detection.
“Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences,” the agencies added.
“Many malware developers often operate from locations with few legal prohibitions against malware development and deployment.”
Malware defense tips
The joint advisory includes Snort signatures for all malware in the top to detect payloads by monitoring network traffic and a list of mitigation measures.
CISA and ACSC encourage admins and security teams to apply the following mitigations to defend against malware attacks:
- Update software, including operating systems, applications, and firmware, on I.T. network assets
- Enforce MFA to the greatest extent possible
- If you use RDP and/or other potentially risky services, secure and monitor them closely
- Maintain offline (i.e., physically disconnected) backups of data
- Provide end-user awareness and training to help block social engineering and spearphishing attacks
- Implement network segmentation to separate network segments based on role and functionality
In April, cybersecurity authorities worldwide, in partnership with the NSA and the FBI, also released a list of the top 15 vulnerabilities routinely exploited in attacks during 2021.
CISA and the FBI have also published a list of the top 10 most exploited security bugs between 2016 and 2019 and a top of most routinely abused bugs in 2020 in collaboration with the ACSC and U.K.’s National Cyber Security Centre (NCSC).
In June, MITRE also shared this year’s list of top 25 most dangerous software bugs after revealing the topmost dangerous programming, design, and architecture security flaws plaguing hardware in November 2021.