Ranking Attacks Doubled in the Second Half of 2016

Check Point® Software Technologies Ltd. (Nasdaq: CHKP) unveils its Global Threat Intelligence Trends report for the second half of 2016, revealing at the same time a doubling of ransomware attacks during this period. Of all the incidents identified worldwide as malware, the percentage of attacks on Ranking went from 5.5% to 10.5% between July and December 2016.

See This : Here are 25 passwords you should avoid!

The “Global Threat Intelligence Trends” report for the second half of 2016 highlights the main tactics used by cyber criminals to tackle businesses and provides a comprehensive, comprehensive view of the cyber threat landscape in the major categories of malware . Namely, banknotes, bank and mobile malware. The report is based on threats analysis information from July to December 2016 in Check Point’s ThreatCloud World Cyber ​​Threat Map.

ransomware attack

Main trends

Check Point researchers detected a number of major trends during the period considered:

• The monopoly of the market for foodstuffs – thousands of new foodstuffs were detected in 2016; Over the past few months we have seen a shift in the ranking landscape as it became increasingly centralized with a few large malware families dominating the market and targeting businesses and organizations of all sizes.

• DDoS attacks via IoT devices – the infamous zombie network Mirai was discovered in August 2016 – the first “Internet botnet” of Objects. It attacks vulnerable digital devices connected to the Internet such as DVRs and CCTV cameras. It transforms them into bots, exploiting infected equipment to launch multiple massive attacks of Distributed Denial of Service (DDoS). It is now known that vulnerable IoT devices are being used in virtually every home and that massive DDoS attacks that will take advantage of them will continue.

• New file extensions used in spam campaigns – the most common infection factor used in malicious spam campaigns throughout the second half of 2016 was in the form of engine-based downloaders Windows Script (WScript). The spam / malware distribution niche has been dominated by downloaders written in Javascript (JS) and VBScript (VBS) as well as variants in less common but similar formats such as JSE, WSF and VBE.

The main malware detected in the 2nd half of 2016:

• Conficker (14.5%) – Worm that paves the way for remote farms and malware downloads. The infected system is controlled by a botnet that connects to its Command & Control server to receive instructions.

• Sality (6.1%) – A virus that allows its operator to perform remote operations and other malware downloads on infected systems. Its main objective is to settle permanently in a system and to provide means to take control of it remotely and install other malware.

• Cutwail (4.6%) – Zombie network mainly involved in sending spam messages as well as some DDoS attacks. Once installed, the zombies connect directly to the command and control server and receive instructions about which emails to send. When they have performed the task assigned to them, the “bots” send an activity report to the spammer, including the exact statistics of their operation.

• JBossjmx (4.5%) – Worm that targets systems that have a vulnerable version of the JBoss Application Server installed. The malware generates a malicious JSP page on vulnerable systems that execute arbitrary commands. In addition, another backdoor is arranged in such a way that it can accept commands from a remote IRC server.

• Locky (4.3%) – Rancongiciel, which appeared in February 2016 and spreads mainly through spam messages with a downloader that looks like an attachment in Word or Zip format; The downloader triggers the downloading and installation of the malware that encrypts the user’s files.

The main rancongiciels identified in the 2nd half of 2016:

In the midst of all internationally-identified attacks, the percentage of attacks by government software nearly doubled in the second half of 2016. The most common variants detected were:

• Locky (41%) – This ranking, which was the third, in terms of frequency, in the first half of the year, increased significantly during the second half of the year.

• Cryptowall (27%) – Rancongiciel, originally a crypto-crypto look-alike but soon surpassed it. After the disappearance of Cryptolocker, Cryptowall has established itself as one of the most important rungs to date. Cryptowall distinguishes itself by its use of the AES encryption method and by its mode of diffusion of its C & C communications, in this case via the Tor anonymous network. It spreads widely through operating kits, malicious advertising and phishing campaigns.

• Cerber (23%) – the most important ransomware-as-a-service mechanism in the world. Cerber adopts a franchise model, its author recruiting affiliates who spread the malware in return for a percentage on profits.

The main mobile malware detected in the second half of 2016:

• Hummingbad (60%) – Malicious Android that was discovered for the first time by the team of researchers Check Point. It grabs a persistent rootkit on the system, installs fraudulent applications and, with minor modifications, could allow other malicious activities to develop, such as installing a keylogger, Theft of identifiers and the bypass of encrypted email containers used by businesses.

• Triada (9%) – Modular backdoor for Android devices that grants superuser privileges to a previously downloaded malware and helps it get embedded in system processes. It was also found that Triada spoofed URLs loaded into the browser.

• Ztorg (7%) – Trojan horse that uses root privileges to download and install applications on the mobile phone without the user noticing it.

The main banking malware:

• Zeus (33%) – Trojan horse that targets Windows platforms and is often used to steal banking information by typing “man in browser” and retrieving forms.

• Tinba (21%) – Banking Trojan horse that subtilises the victim’s IDs by using Web injections. It is activated when the user tries to identify himself on the internal site of his bank.

• Ramnit (16%) – A banking Trojan that steals banking credentials, passwords FTP passwords, session cookies and personal data.

“The report explains the nature of today’s cyber-environment, with fast-moving attacks on software,” said Maya Horowitz, director of Check Point’s Threat Intelligence group. “This phenomenon is simply explained by the fact that they are effective and that they generate significant revenues for the pirates. Companies are struggling to effectively counteract the threat: many do not have the right protective measures and probably have not trained their teams to identify signs of a potential attack by The emails they receive. ”

“Our data also shows that a small number of families are responsible for the majority of attacks, while thousands of other malware families rarely occur,” says Maya Horowitz. “Most cyber threats have a global and trans-regional dimension. Nevertheless, APAC (Asia-Pacific) region stands out because the map of its main malware families includes 5 families that do not appear on the map of other regions. ”

The statistics in this report are based on data from the ThreatCloud World Cyber ​​Threat Map. Check Point’s ThreatCloud is the largest collaborative anti-cyber crime network. It provides data on the most up-to-date cyber-attacks and threats from the market, as collected by a global network of threat sensors. The ThreatCloud database daily identifies millions of malware types and contains more than 250 million addresses analyzed for bots identification, as well as more than 11 million malware signatures and 5.5 million websites Infected.

Press Release by Check Point
Share Your Comments
Previous A Virus that Attack Macs Called "XAGENT"
Next Bringing back lost Skype users with skype lite Planned By Microsoft

About author

You might also like