Top Malware of 2021 Has Been in Use for Years, CISA Warns

The advisory highlights that such usage offers “opportunities to better prepare” and provides recommendations to mitigate cybersecurity threats.

The Cybersecurity & Infrastructure Security Agency, in partnership with the Australian Cyber Security Centre, issued a Cybersecurity Advisory Thursday detailing the top malware strains observed last year.

According to the advisory, the top malware in 2021 included remote access trojans, banking trojans, information stealers and ransomware.

Specifically, 2021’s top malware strains were: Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader.

For example, Qakbot and TrickBot were used to create botnets for use in ransomware attacks. Meanwhile, Formbook, Agent Tesla and Remcos were used to conduct mass phishing campaigns that used COVID-19 themes to steal personal information and business or individual credentials. The advisory notes that “developers create malware that malware distributors often broker to malware end-users.” Some malware was also marketed as legitimate software. 

CISA and ACSC state that most of these top strains have been used for more than five years—and some for more than 10 years—with their respective code bases evolving into several variations. The agencies note that the malicious code is supported, improved, updated and reused, which contributes to the longevity of the malware and its different versions. 

The governmental agencies urged organizations to use the recommendations in the joint advisory, adding that bad actors’ use of these strains “offers organizations opportunities to better prepare, identify and mitigate attacks from these known malware strains.”

The recommendations include promptly applying patches to systems and updating software, implementing user training, securing Remote Desktop Protocol, patching systems for known vulnerabilities and having offline data backups, as well as utilizing multi-factor authentication and implementing network segmentation.
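The advisory's "securing Remote Desktop Protocol" item is the one that maps most directly to a host configuration, so here is an added example (not code from the advisory, CISA, ACSC or this article) of how an administrator might audit and tighten RDP on a Windows host. It assumes an elevated PowerShell session, the built-in `Remote Desktop` firewall rule group, and an assumed management subnet of `10.0.10.0/24` that you would replace with your own jump-host or admin network.

```powershell
# Added example (not from the CISA/ACSC advisory): audit and harden RDP on one Windows host.
# Assumes an administrative PowerShell session. The subnet below is an assumed placeholder.

$rdpKey           = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$nlaKey           = "$rdpKey\WinStations\RDP-Tcp"
$managementSubnet = '10.0.10.0/24'   # assumed value; replace with your admin/jump-host subnet

function Get-RdpPosture {
    # fDenyTSConnections = 1 means RDP is off entirely; UserAuthentication = 1 means NLA is required
    $deny = (Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $nlaKey -Name UserAuthentication).UserAuthentication

    # Which remote addresses the enabled inbound RDP rules accept ('Any' is the risky default)
    $scopes = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
              Get-NetFirewallAddressFilter |
              Select-Object -ExpandProperty RemoteAddress

    [pscustomobject]@{
        RdpEnabled     = ($deny -eq 0)
        NlaRequired    = ($nla -eq 1)
        FirewallScopes = ($scopes -join ', ')
    }
}

function Set-RdpHardening {
    param([Parameter(Mandatory)][string]$AllowedSubnet)

    # Require Network Level Authentication so the user is authenticated before a session is created
    Set-ItemProperty -Path $nlaKey -Name UserAuthentication -Value 1 -Type DWord

    # Limit inbound RDP to the management subnet instead of leaving the rule scoped to 'Any'
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $AllowedSubnet
}

Write-Host 'RDP posture before hardening:'
Get-RdpPosture

Set-RdpHardening -AllowedSubnet $managementSubnet

Write-Host 'RDP posture after hardening:'
Get-RdpPosture
```

Run the audit half on its own first; a host that reports `RdpEnabled = True` with `FirewallScopes = Any` and `NlaRequired = False` is the configuration the advisory's recommendation is aimed at. Hosts that do not need RDP at all are better served by setting `fDenyTSConnections` to 1 (or disabling the rule group) than by scoping the rule.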