CISA Cybersecurity Alerts 8.4.22
Ep 26 | 8.4.22

CISA Alert AA22-216A – 2021 top malware strains.


This is a CISA Cybersecurity Alert. ID number Alpha Alpha Two Two tack Two One Six Alpha.

Original release date: August Fourth, twenty twenty two.

This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top malware strains observed in 2021.

In 2021, the top malware strains included remote access Trojans, banking Trojans, information stealers, and ransomware. The most prolific users of malware are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information.

The alert documentation linked in the show notes includes technical details, mitigations, detection signatures, and indicators of compromise for the top eleven malware strains of 2021. Most of these strains have been in use for more than five years, and their code bases have evolved into multiple variants. Ongoing updates by the malware developers, together with reuse of their code by others, account for both that longevity and that branching into variants.

Malicious actors’ reliance on known malware strains gives organizations an opportunity to prepare for, identify, and mitigate attacks that use them. In the criminal malware industry, including malware as a service, developers create malware that distributors then broker to malware end users. The developers of these top 2021 strains have continued to support, improve, and distribute their malware over several years. They profit from lucrative cyber operations with little risk of negative consequences, and many operate from locations with few legal prohibitions against malware development and deployment. Some even market their malware as legitimate cyber security tooling.

CISA and ACSC encourage organizations to apply the recommendations in the Mitigations sections of this joint advisory. These mitigations include patching all systems in a timely manner, prioritizing known exploited vulnerabilities; implementing user training; securing Remote Desktop Protocol; making offline backups of data; and enforcing multifactor authentication for all users wherever it is available.
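The following script is an added example illustrating the "secure Remote Desktop Protocol" mitigation above; it is not part of the CISA/ACSC advisory or the CyberWire adaptation. It audits a single Windows host for the RDP settings a defender would typically check: whether RDP is enabled at all, whether Network Level Authentication is required, whether the built-in firewall rule group admits connections from any address, and whether an account lockout threshold exists. The registry paths and cmdlets are standard Windows ones; the pass/fail judgements are this script's own assumptions, and it does not check MFA, which is enforced outside the host.

```powershell
# Added example (not from the advisory): audit one Windows host for the
# "secure RDP" mitigation. Run in an elevated PowerShell session.
# The thresholds below are this script's assumptions, not CISA guidance.

$findings = @()

# 1. Is RDP enabled? fDenyTSConnections = 1 means RDP is disabled, which is
#    the preferred state on hosts that do not need remote desktop access.
$tsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsPath -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled; disable it if this host does not need remote desktop access.'
}

# 2. Network Level Authentication: UserAuthentication = 1 requires the client to
#    authenticate before a session (and the logon screen) is created.
$nlaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = Get-ItemProperty -Path $nlaPath -Name UserAuthentication
if ($nla.UserAuthentication -ne 1) {
    $findings += 'NLA is not required; set UserAuthentication=1 so unauthenticated clients never reach the logon screen.'
}

# 3. Firewall scope: the built-in "Remote Desktop" rule group should be disabled
#    or limited to management subnets. A RemoteAddress of "Any" means it is not.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
foreach ($rule in $rdpRules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($addr.RemoteAddress -contains 'Any') {
        $findings += "Firewall rule '$($rule.DisplayName)' allows inbound RDP from any address; restrict it to management subnets."
    }
}

# 4. Account lockout: exposed RDP is routinely subjected to password guessing,
#    and a lockout threshold is the host-local control that slows it down.
$lockoutLine = (net accounts) | Select-String 'Lockout threshold'
if ($lockoutLine -match 'Never') {
    $findings += 'No account lockout threshold is set; configure one to slow password guessing against RDP.'
}

# Report. Exit code 1 signals findings so the script can gate a compliance job.
if ($findings.Count -eq 0) {
    Write-Output 'No RDP findings on this host.'
    exit 0
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

Run it on a host that should not expose RDP and expect no findings; on a jump host that legitimately serves RDP, the first check will fire by design, and the remaining three are the ones that matter. The script only reads state and changes nothing.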

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937.

This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service. Please visit www dot cisa dot gov to read the full report which may include additional details, links, and illustrations. A link to this report can be found in the show notes.

This has been a CISA Cybersecurity Alert.