Cybergangs are joining forces under affiliate groups and “as-a-service” models, warns Maya Horowitz, director of threat intelligence research at Check Point Research. The trend is fueling a thriving cybercrime underground economy, she said.

Several malware gangs have teamed up over the past year – including the FIN6 cybercrime group and the operators of TrickBot. The goal is to help fill criminal skill gaps and ultimately be a more potent threat to victims.


Here are the top malware families to watch out for



Emotet was the leading malware or threat group for 2020. It was taken down just a couple of weeks ago. The extent to which this malware has spread is unknown, but, at least for now, it is not a threat.

But the question isn’t just which of them would be most popular, but also about partnerships. Emotet wasn’t just about the botnet. It was actually about the next-stage payload because they had partnered with some of the top ransomware families.

Consequently, I think that the question is both about how the botnet is distributed and what the next-stage malware will be, and which one will have the ability to distribute some of the top ransomware, like Ryuk and others. We’ll have to wait and see which one takes the lead.


Critical partnerships for ransomware gangs


We’ve seen some exciting partnerships between different malware variants. The TrickBot malware has also been used to deploy ransomware and other types of malware. In addition, Emotet, whose recent takedown has shaped the malware landscape quite a bit, and we’ve seen different similar takedowns and arrests in the past, including those with Egregor and other malware.


Malware: As-a-Service vs. Partnerships


In some cases, the malware groups would split; in other cases, they would pay for the service, regardless of whether they got money from the victim. That also plays a part in whether it’s a service or a virtual collaboration and joint venue. However, we have even observed that some APT groups use malware-as-a-service for details of their attack chains in some cases. Creating this part of the attack could save time and resources, but it could also be a smokescreen so that researchers won’t be able to understand who the attackers are because they’re using generic tools. Therefore, we see all these collaborations between different groups, but it’s not just cyber criminals; it’s also APTs.


Initial attack vector: Remote Desktop Protocol


We have been seeing more and more vulnerabilities and exploits for different VPN clients. We have also been seeing more and more attacks on RDP, remote desktop protocol. Regarding ransomware, in 2020, most of the ransomware attacks did not even start with emails; they started by exploiting RDP vulnerabilities. That means that threat actors understand that there’s a new attack vector. It’s not a new attack vector, just more robust and more vulnerable than in the past.


Best Practices in Cybersecurity for Enterprises


Human beings, or human error, make cybersecurity awareness to employees so essential and, in many cases, neglected. Threat actors exploit both technology and human vulnerabilities. Therefore, the answer can be split into two parts, one for the technology and security patches. 


No matter what business you begin in 2022, Canadian Cloud Backup can provide the backup, storage, and disaster recovery support you need. And with File Sync, Office 365, and Hosted Exchange, operations will be seamless, and productivity will be off the charts. 


If your business idea involves providing cloud support to your clients, you can partner with us to white label our solutions


Don’t let another year go by without realizing your business dreams and goals. Contact us today to learn more about what we can do for you!

Send a Message