Check Point Software Technologies Ltd. has revealed the number of malware attacks increased in October, as the company released its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations’ networks.
Check Point’s Threat Intelligence Research Team found that both the number of active malware families and number of attacks increased by 5% during the period, pushing the number of attacks on business networks to near peak levels, as seen earlier this year. Locky ransomware attacks continued to rise, moving it up from third to second place, while the Zeus banking Trojan moved up two spots, returning it to the top three.
“Attackers want to be as stealthy as possible to reduce the chance they will be detected. Thus, business can no longer continue to operate a traditional security model. To fight these growing threats, enterprises need intelligent next generation threat prevention solutions,” said Bhaskar Bakthavatsalu, Managing Director, Check Point, India & SAARC. “Business should look towards implementing prevention based security initiatives so as to provide a healthy cyber security system. A prevention based approach helps identify both known and unknown threats and stop them real time,” he added.
The reason for Locky’s continued growth is the constant variation and expansion of its distribution mechanism, which is primarily through spam emails. Its creators are continually changing the type of files used for downloading the ransomware, including doc, xls and wsf files, as well as making significant structural changes to the spam emails. The actual ransomware itself is nothing exceptional, but cybercriminals are investing a lot of time into maximizing the number of machines that become infected by it. For the seventh consecutive month, HummingBad, an Android malware that establishes a persistent rootkit to carry out an array of malicious purposes, remained the most common malware used to attack mobile devices.
Once again Conficker retained its first-place position as the world’s most prevalent malware, responsible for 17% of recognized attacks. Both second-placed Locky, which only started its distribution in February of this year, and third-placed Zeus were responsible for 5% of known attacks.
· ↔ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
· ↑ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly through spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files.
· ↑ Zeus – Trojan that targets Windows platforms and is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing.
Mobile malware families continued to pose a significant threat to businesses, with 15 of the top 200 malware families targeting mobile devices. The three most common mobile families were:
· ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
· ↔ Triada – Modular Backdoor for Android which grants super-user privileges to downloaded malware, and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
· ↑ XcodeGhost – A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app information to a Command & Control server, allowing the infected app to read the device clipboard.
Nathan Shuchami, Head of Threat Prevention at Check Point, explained, “With the number of attacks and malware families increasing, the scale of the challenge organizations face in ensuring their networks remain secure is tremendous. The fact the top ten malware remained virtually the same as September suggests that cybercriminals have enjoyed a considerable amount of success with these attack methods, signaling to organizations that they need to proactively respond to protect their critical business assets. It is particularly concerning that a malware family as established and well known as Conficker is so effective, suggesting that organizations aren’t using the latest, multi-layered defenses.”
“To protect themselves, organizations must take a comprehensive approach and have advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point’s SandBlast Zero-Day Protection and Mobile Threat Prevention solutions, to ensure that they are adequately safeguarded from the latest threats,” added Shuchami.
Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.