According to Check Point’s latest Global Threat Index, Smoke Loader, a second-stage malware downloader known to researchers since 2011, rose 11 places in December 2018 to reach ninth on the index’s top ten list.
After its recent activity in Ukraine and Japan, its global impact rose by 20 places. Smoke Loader is mainly used to load other malware, including Trickbot Banker, AZORult Infostealer and Panda Banker, Check Point said.
“December’s report saw Smoke Loader appearing in the top 10 for the first time,” said Check Point research group manager, Maya Horowitz.
“Its sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware.”
Half of the top-10 threats listed on the index are made up of malware that uses multiple methods to distribute numerous threats, while the other half is composed of crypto-mining, Horowitz said.
The report also showed banking trojans rising up the list, with Ramnit, a banking trojan that steals login details, returning to the top 10 in eighth place.
CoinHive retained its first place position for 13 consecutive months, affecting a total of 12% of organisations worldwide, Check Point said.
The second most prominent malware was XMRig, with a global reach of 8%, while JSEcoin ranked third with a global reach of 7%.
“Organisations continue to be targeted by crypto miners despite an overall drop in value across all cryptocurrencies in 2018,” Check Point said.
Check Point researchers also said that CVE-2017-7269 “is the most popular exploited vulnerability for the 7th consecutive with a global impact of 48% of organisations”.
“In second place CVE-2017-7269 with a global impact of 43%, closely followed by Web servers PHPMyAdmin Misconfiguration Code Injection impacting 42% of organisations,” Check Point added.
Horowitz said that the wide range of threats means that organisations should start implementing a multi-layered cybersecurity strategy to protect themselves against any new threats.