
Check Point Global Threat Index Reveals Malware Attacks Rising 5% Y-o-Y

Check Point’s Threat research for October 2016 reveals both the number of malware variants and recognized attacks increased by 5% during the period

Check Point Software Technologies Ltd. revealed the number of malware attacks increased in October, as the company released its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations’ networks.

Check Point’s Threat Intelligence Research Team found that both the number of active malware families and number of attacks increased by 5% during the period, pushing the number of attacks on business networks to near peak levels, as seen earlier this year. Locky ransomware attacks continued to rise, moving it up from third to second place, while the Zeus banking Trojan moved up two spots, returning it to the top three.

Bhaskar Bakthavatsalu, Managing Director, Check Point, India & SAARC, said, “Attackers want to be as stealthy as possible to reduce the chance they will be detected. Thus, business can no longer continue to operate a traditional security model. To fight these growing threats, enterprises need intelligent next generation threat prevention solutions. Business should look towards implementing prevention based security initiatives so as to provide a healthy cyber security system. A prevention based approach helps identify both known and unknown threats and stop them in real time.”

Once again, Conficker retained its first-place position as the world’s most prevalent malware, responsible for 17% of recognized attacks. Second-placed Locky, which only started its distribution in February of this year, and third-placed Zeus were each responsible for 5% of known attacks.

  • Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  • Locky – Ransomware that started its distribution in February 2016 and spreads mainly through spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user's files.
  • Zeus – Trojan that targets Windows platforms and is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing.

Mobile malware families continued to pose a significant threat to businesses, with 15 of the top 200 malware families targeting mobile devices. The three most common mobile families were:

  • HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
  • Triada – Modular backdoor for Android that grants super-user privileges to downloaded malware and helps it become embedded in system processes. Triada has also been seen spoofing URLs loaded in the browser.
  • XcodeGhost – A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app information to a Command & Control server, allowing the infected app to read the device clipboard.

Nathan Shuchami, Head of Threat Prevention at Check Point, explained, “With the number of attacks and malware families increasing, the scale of the challenge organizations face in ensuring their networks remain secure is tremendous. The fact the top ten malware remained virtually the same as September suggests that cybercriminals have enjoyed a considerable amount of success with these attack methods, signaling to organizations that they need to proactively respond to protect their critical business assets. It is particularly concerning that a malware family as established and well known as Conficker is so effective, suggesting that organizations aren’t using the latest, multi-layered defenses.”
