Malware strains are like a bad habit — the type that can evolve into something far worse. The typical lifespan of the most prevalent malware strains found in 2021 was at least five years, according to a joint advisory from the Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre.
Malware code bases are commonly reused and transformed into variant strains to add new capabilities and dodge threat hunters. Among the top 11 malware strains of 2021, malicious actors have used eight for at least five years and circulated two strains for more than a decade, the agencies said.
The most frequently observed strains include viruses, worms, Trojans, ransomware, spyware and rootkits. For 2021, 11 strains made the top malware list: Agent Tesla, AZORult, FormBook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader.
TrickBot, the only malware strain singled out by CISA and its Australian counterpart for being “developed and operated by a sophisticated group of malicious actors,” is often used by threat actors to deploy Conti ransomware.
The FBI describes Conti ransomware as “the costliest strain of ransomware ever documented,” and CISA warned it has evolved into a highly modular, multi-stage malware.
“Developers of these top 2021 malware strains continue to support, improve and distribute their malware over several years. Malware developers benefit from lucrative cyber operations with low risk of negative consequences,” the agencies said.
The agencies advised critical infrastructure organizations to update software, enforce multifactor authentication, secure and monitor Remote Desktop Protocol (RDP), maintain offline data backups and train employees to prepare for and mitigate these threats.