CISA, Australian Cyber Security Centre Release Advisory on 2021 Top Malware Strains
A joint advisory from the Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre urges organizations to proactively address malware strains that have been targeting systems for at least five years.
The government agencies warned against the top malware strains of 2021, namely Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MouseIsland, NanoCore, Qakbot, Remcos, TrickBot and GootLoader. These strains are being used to perform ransomware attacks and mass phishing campaigns to access personally identifiable information and business credentials, NextGov reported Tuesday.
Formbook, Agent Tesla and Remcos are known for stealing sensitive data using COVID-19 themes while Qakbot and TrickBot are used to develop botnets for ransomware attacks.
According to the advisory, some of the top strains are being marketed as legitimate cybersecurity tools. It notes that Remcos and Agent Tesla are offered as low-cost software for remote management and penetration testing.
CISA and ACSC pointed to continuous code updates to malware strains as the reason why most of the top strains have compromised systems for more than 10 years.
The advisory contains recommendations to help organizations improve their cybersecurity posture based on known adversary tactics, techniques and procedures. CISA and ACSC urged entities to update software and focus on patching known exploited vulnerabilities and critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
Other recommendations include implementing multifactor authentication, requiring accounts to have strong passwords, and monitoring and securing risky services, such as remote system access. The ACSC has also formed its own strategies to mitigate cybersecurity incidents. According to the center, the strategies, dubbed Essential Eight, will harden systems against adversaries.