Worst Malware and threat actors on 2018

What is the worst malware so far in 2018? The year isn’t quite over, but candidates for the role of “worst” have made themselves clear. According to a new report from Webroot, among the worst are three large botnets. The list starts with Emotet. Emotet is a Trojan that is primarily spread through spam emails (malspam). Next is Trickbot, both on the list and in the wild, adding capabilities (including the ability to carry ransomware payloads) to the ones introduced by Emotet. Zeus Panda is the third member of the botnet and banking Trojan trio, included because it employs a wide variety of distribution methods to infect its victims. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.

HSBC Bank data breach

HSBC Bank sent a letter to an undisclosed number of customers informing them of a data breach that might have exposed their personal information.The California Attorney General’s Office recently received a template of a letter that HSBC Bank sent out to customers on 2 November. The bank explains that it learned of unauthorized users accessing customers’ accounts between 4 October 2018 and 14 October 2018. It responded by suspending online access to affected customers’ accounts. It also reached out to these victims by phone or email to help them change their credentials and subsequently regain access to their accounts.

Security company acquisitions

Symantec acquired Appthority, since mobile apps are a critical threat vector and mobile users increase the enterprise attack surface. The tech will be included in Symantec’s Endpoint Protection Mobile. Symantec also acquired Javelin Networks. Javelin’s tech, which defends against Active Directory-based attacks, will be part of Symantec’s endpoint security business.

Chrome to block all ads on ‘abusive’ websites

Starting in December 2018, Google is stepping up its fight against the internet’s abusive ads problem by blocking every ad on a site that persistently shows them. Abusive ads come in many forms like generating fake system messages, automatically redirecting you, or attempt to steal personal information. Google warned that site owners have 30 days to fix the abusive experience flagged by the Abusive Experience Report before Chrome removes all the ads.

Feel free to contact E-SPIN for the assistance for solution capable to allow your enterprise to reverse engineering suspect malware, so your can perform any malware analysis to protect your nation or enterprise, as well as end to network, server, endpoint, mobile device malware, antivirus protection for latest threat and challenges.