March 2024’s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos

March 2024’s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos

Check Point® Software Technologies Ltd. has published its Global Threat Index for March 2024. Last month, researchers revealed that hackers were utilizing Virtual Hard Disk (VHD) files to deploy Remote Access Trojan (RAT) Remcos. Meanwhile, Lockbit3 remained the most prevalent ransomware group in March despite the law enforcement takedown in February, although its frequency on the 200 Check Point monitored ransomware “shame sites” reduced from 20% to 12%.

Remcos is one of the most wanted malware that has been seen in the wild since 2016. This latest campaign bypasses common security measures to give cybercriminals unauthorized access to victims’ devices. Despite its lawful origins to remotely manage Windows systems, cybercriminals soon began to capitalize on the tool’s capacity to infect devices, capture screenshots, log keystrokes, and transmit gathered data to designated host servers. Moreover, the Remote Access Trojan RAT has a mass mailer function that can enact distribution campaigns, and its various functions can be used to create botnets. Last month, it rose to fourth position on the top malware list from sixth place in February.

“The evolution of attack tactics highlights the relentless advancement of cybercriminal strategies,” remarks Maya Horowitz, VP of Research at Check Point Software. ” This underscores the need for organizations to prioritize proactive measures. By staying vigilant, deploying robust endpoint protection, and fostering a culture of cyber security awareness, we can collectively fortify our defenses against evolving cyber threats.”

Check Point’s Ransomware Index highlights insights from ransomware “shame sites” run by double-extortion ransomware groups that posted victim information. Lockbit3 again tops the ranking with 12% of published attacks, followed by Play at 10% and Blackbasta at 9%. Entering the top three for the first time, Blackbasta claimed responsibility for a recent cyberattack on the Scullion Law, a Scottish legal firm.

Last month, the top exploited vulnerability was “Web Servers Malicious URL Directory Traversal,” affecting 50% of organizations globally, followed closely by “Command Injection Over HTTP,” with 48% and “HTTP Headers Remote Code Execution” with 43%.