Skip to main content

These are the nastiest cyber threats this Halloween

Skull and Bones
(Image credit: Pixabay)

To avoid falling victim to a malware infection, users first need to be aware of which malware strains are actively being used by cybercriminals in their attacks which is why Webroot releases a list of the nastiest malware each year.

In its third annual nastiest malware list, the cybersecurity firm examined this year's biggest cyber threats and ranked them based on their severity. 

According to Webroot, phishing and remote desktop protocol-related breaches remain the top methods its has observed cybercriminals using to launch their attacks. However, new malware strains and tactics are being deployed each day while others have received upgrades that made them more powerful.

This year the main trend the firm observed is modularity as cybercriminals have adopted a more modular malware methodology in which they combine attack methods and mix-and-match tactics to ensure their attacks reach their intended targets.

Nastiest malware of 2020

Emotet has once again taken the top spot on Webroot's list of the nastiest malware for the third year in a row. The malware is deployed by cybercriminals in a botnet that is used to spread ransomware and it often appears alongside TrickBot, Dridex, QakBot, Ryuk, BitPaymer and REvil.

Next up on the list is the Gozi trojan, IcedID trojan and Maze ransomware which are often deployed together. In a potential attack scenario, Gozi could end up on a machine through a malicious email, botnet or even TrickBot and then drop the IcedID trojan to help improve an attacker's chances of obtaining the credentials or information they want.

Just like TrickBot, Dridex is another popular banking/info-stealing Trojan that made Webroots's list this year. It has been around for years and is dropped via Emotet or through malicious spam campaigns. Also in a similar manner to TrickBot, Dridex spreads laterally and typically deploys ransomware such as BitPaymer/DoppelPaymer.

While these malware strains were the nastiest this year, they aren't the only ones to make the list. Other notable contenders for the nastiest malware of 2020 including the REvil and Dharma ransomware, the multi-functional malware distribution tool Valak and the info-stealing trojan QakBot.

To prevent falling victim to malware, Webroot recommends organizations lock down RDP, educate their employees about phishing, install a reputable security suite, develop a disaster recovery plan and backup up their important data.