The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) jointly released an advisory on the malware strains observed most often in 2021.

With data breaches and ransomware attacks making headlines throughout 2021 and 2022, malware remains a critical issue for enterprise cybersecurity teams. According to the advisory, top observed malware categories in 2021 included ransomware, remote access Trojans (RATs), information stealers and banking Trojans.

Common malware seen in 2021

CISA and ACSC noted the longevity of many of the top malware strains, with over half of the most commonly seen strains having been in circulation for five years or longer. The joint advisory identified 11 top malware strains:

  1. Agent Tesla: RAT
  2. AZORult: Trojan
  3. Formbook: Trojan
  4. Ursnif: Trojan
  5. LokiBot: Trojan
  6. MOUSEISLAND: Macro downloader
  7. NanoCore: RAT
  8. Qakbot: Trojan
  9. Remcos: RAT
  10. TrickBot: Trojan
  11. GootLoader: Loader

Of those 11 strains, Qakbot and Ursnif have been used for more than 10 years. The advisory identified the top distributors of malware as cybercriminals, including nation-state actors, cybercrime rings and those using and spreading Malware as a Service.

Protecting your enterprise from malware

CISA and ACSC recommended multiple steps enterprise cybersecurity teams can enact to better protect their organizations from cyberattacks and malware threats, including initiating regular system backups; updating software promptly; enabling multi-factor authentication; monitoring for cyber threats to the enterprise network; and leading cybersecurity awareness training for all relevant stakeholders.

For more information, read the advisory.