Joint cybersecurity advisory

August 5, 2022

2021 Top Malware Strains

This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC). This advisory provides details on the top malware strains observed in 2021. Malware, short for “malicious software,” can compromise a system by performing an unauthorized function or process. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. Some examples of malware include viruses, worms, Trojans, ransomware, spyware, and rootkits.

In 2021, the top malware strains included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware. Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations. The most prolific malware users are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information.

CISA and ACSC encourage organizations to apply the recommendations in the Mitigations sections of this joint CSA. These mitigations include applying timely patches to systems, implementing user training, securing Remote Desktop Protocol (RDP), patching all systems, especially for known exploited vulnerabilities, making offline backups of data, and enforcing multifactor authentication (MFA).

TECHNICAL DETAILS

Key Findings

The top malware strains of 2021 are: Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader.

  • Malicious cyber actors have used Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot for at least five years.
  • Malicious cyber actors have used Qakbot and Ursnif for more than a decade.

Updates made by malware developers, and reuse of code from these malware strains, contribute to the malware’s longevity and evolution into multiple variations. Malicious actors’ use of known malware strains offers organizations opportunities to better prepare, identify, and mitigate attacks from these known malware strains.

Price: FREE

About the Provider

ACSC
The Australian Cyber Security Centre is the Australian Government lead agency for cybersecurity. The ACSC is part of the Australian Signals Directorate and based at the Australian Security Intelligence Organisation headquarters in the Ben Chifley Building.

TOPICS

Banking Trojans, Cybersecurity, Malware, Ransomware, Remote Access Trojans