CISA and ASCS Publish the Most Important Malware Variants in 2021

“Most of the top malware strains have been in use for more than five years, and their respective code bases have evolved into multiple variations,” according to the US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC). Malware variants observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader. Of these, some have been used in attacks for at least five years, while Qakbot and Ursnif have been in use for over a decade.

The longevity of these malware families is due to the constant adaptations of their developers, who keep adding new features and implementing changes that make them harder to detect. “The developers of these 2021-leading malware strains continue to support, enhance and distribute their malware for several years. Malware developers profit from lucrative low-risk cyberattacks,” the authorities added. “Many malware developers often operate from locations where there are few legal prohibitions against malware development and distribution.”

Malware defence tip

CISA and ACSC recommend that administrators and security teams implement the following measures to defend against malware attacks:

• Update software, including operating systems, applications and firmware, on I.T. network resources.
• Use MFA as much as possible
• If you use RDP and/or other potentially risky services, back them up and monitor them closely
• Perform offline backups of data
• Raise awareness and train end-users to prevent social engineering and spearphishing attacks
• Implement network segmentation to separate network segments based on role and functionality