The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have released a list of the most frequently detected malware strains of 2021.
Most of the top malware strains have been in use for more than five years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools, said the agencies.
The top malware strains observed in 2021 include Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, Mouseisland, NanoCore, Qakbot, Remcos, TrickBot, and GootLoader. Out of these, Agent Tesla, AZORult, Formbook, LokiBot, NanoCore, Remcos, and TrickBot have been used in attacks for at least the last five years, while Qakbot and Ursnif have been used for over a decade.
“These malware families' longevity is due to their developers' ongoing efforts to upgrade them by adding new capabilities and ways to evade detection,” noted CISA in the advisory.
“Developers of these top 2021 malware strains continue to support, improve, and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences,” it added.
According to the report, the malware on the list is used primarily for financial gain rather than for cyber espionage. “The most prolific malware users of the top malware strains are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information,” said CISA.
For example, TrickBot started as a banking Trojan but evolved into modular malware and has since acted as an access broker for ransomware groups such as the notorious Conti gang, using its network of already compromised machines, the advisory said.
CISA further recommends that organisations patch all systems and prioritise patching known exploited vulnerabilities. It also urged organisations to enforce multi-factor authentication and to secure remote desktop protocol (RDP) services.
In April this year, CISA, in partnership with the NSA and the FBI, published the top 15 routinely exploited vulnerabilities, which included the ProxyShell and ProxyLogon vulnerabilities in Microsoft Exchange email servers, bugs in virtual private network (VPN) endpoints, and the Apache Log4j Log4Shell flaw.