Check Point reports surge in ransomware and malware

cyber security

The Israeli data security company found 12% growth in ransomware attacks and 30% growth in malware last month.

Israeli data security company Check Point Software Technologies Ltd. (Nasdaq: CHKP) reports a surge in ransomware and malware attacks in August. The company revealed details about the most prevalent malware families attacking organizations' networks last month.

Check Point found that during August the number of active ransomware families grew by 12% while detected attempted ransomware attacks rose by 30%. Two-thirds of all recognized ransomware families climbed the rankings in August, most of them by at least 100 positions. Check Point believes that the growth in ransomware is a symptom of the relative ease of broadly deploying ransomware once a variant is created, and also of the number of businesses simply paying ransoms to release critical data. This makes it a lucrative and attractive attack vector for cyber-criminals. For the fifth consecutive month, HummingBad remained the most common malware used to attack mobile devices, but the number of detected incidents fell by more than 50%.

Check Point found that the number of unique and active malware families remained similar to previous months, as the use of malware stayed consistently high. Overall, Conficker was the most prominent family accounting for 14% of recognized attacks; second placed JBossjmx accounted for 9%; and Sality was responsible for 9%, ranking in third place. In total, the top ten families were responsible for 57% of all recognized attacks.

Conficker - Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.

JBossjmx - Worm that targets systems having a vulnerable version of JBoss Application Server installed. The malware creates a malicious JSP page on vulnerable systems that executes arbitrary commands. Moreover, another Backdoor is created that accepts commands from a remote IRC server.

Sality - Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.

Mobile malware families continued to pose a significant threat to businesses mobile devices during August. The top three mobile families were:

HummingBad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.

Ztorg - Trojan that uses root privileges to download and install applications on the mobile phone without the user's knowledge.

Triada - Modular Backdoor for Android which grants super-user privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

Check Point head of threat prevention Nathan Shuchami said, "Businesses face a catch-22 situation when it comes to dealing with ransomware. If they don't pay the ransom they face losing critical data and valuable assets for good; if they do pay, they only encourage cyber-criminals to utilize ransomware as it becomes a lucrative attack vector. To nullify this, organizations need advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point's SandBlast Zero-Day Protection and Mobile Threat Prevention solutions, to ensure that they are adequately secured against the latest threats.

He added, "The number of active malware families continues to remain high as cyber-criminals continue to target business' critical assets. This, together with the range of attack methods utilized by the different families, highlights the scale of the challenge organizations face in securing their network against exploitation by cybercriminals."

Check Point's threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point's ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

Published by Globes [online], Israel business news - - on September 20, 2016

© Copyright of Globes Publisher Itonut (1983) Ltd. 2016

cyber security
cyber security
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018