Researchers uncovered a substantial Qbot malspam campaign distributed through malicious PDF files attached to emails seen in multiple languages.

A new Emotet campaign is bypassing Microsoft blocks to distribute malicious OneNote files, according to Check Point Software Technologies.

Meanwhile, Emotet Trojan and Formbook Infostealer climbed the ranking taking second and third place respectively, while Education/Research remained the most targeted industry.

This month saw keylogger AgentTesla take first place as the most widespread malware, impacting 7% of organisations worldwide.

FormBook is now the most prevalent malware, taking over from Emotet, which has held that position since its reappearance in January.

"The threat landscape is evolving rapidly, and mobile malware is a significant danger for both personal and enterprise security.”

Software vendors saw the largest year-on-year growth in 2021 at 146%, according to the 2022 Security Report from Check Point Research (CPR), the threat intelligence arm of the organisation.

There is potential for increased ransomware attacks due to new Emotet samples spreading through Trickbot, according to Check Point Research.

Established Dridex trojan has dropped off altogether after being one of the most popular malwares in recent months amidst a global surge in ransomware. 

"While we are witnessing a huge increase in ransomware attacks worldwide, it is no surprise that this month's top malware is related to the trend."

The Emotet trojan continues to reign as top malware in January, despite international law enforcement taking control of its infrastructure.

In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave.

The malware has impacted 7% of organisations globally, following a spam campaign which targeted more than 100,000 users per day during the holiday season.

"We've seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organisations scrambled to support remote workforces."

Cybercriminals are most likely to impersonate major global tech companies like Apple, Netflix, Yahoo, WhatsApp and PayPal in order to trick people to clicking links or downloading attachments in malicious phishing emails.

Maya Horowitz, Threat Intelligence Group Manager at Check Point explores the major trends in global malware attacks during the first half of 2017.