Threat research for November 2016 reveals both Locky and Cryptowall attacks increased by 10% over the past month
SAN CARLOS, Calif., Dec. 13, 2016 (GLOBE NEWSWIRE) -- Check Point has revealed that the number of ransomware attacks using Locky and Cryptowall both increased by 10% in November as the company released its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations' networks.
Check Point found that both the number of active malware families and the number of attacks remained close to an all-time high, as attacks on business networks continued to be relentless. Continuing a trend first detected in October, Locky ransomware grew further in prevalence with another 10% increase in the number of attacks using this family - a pattern that was mirrored by the fifth most common malware, Cryptowall.
The pattern highlights the growing threat posed to corporate networks by ransomware and suggests that many organizations are simply paying ransoms to secure the return of their files, making it an attractive - and lucrative - attack vector for cyber-criminals. For the eighth consecutive month, HummingBad remains the most common malware used to attack mobile devices.
Once again Conficker retained its position as the world's most prevalent malware, responsible for 15% of recognized attacks. Second-placed Locky, which only started its distribution in February of this year, was responsible for 6% of all attacks, and third-placed Sality was responsible for 5% of known attacks. Overall, the top ten malware families were responsible for 45% of all known attacks.
1. ↔ Conficker - Worm that allows remote operations and malware download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ↔ Locky - Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user's files. Locky was the no. 1 malware family in the largest number of countries (34 countries, compared to Conficker, which was the top malware in 28 countries).
3. ↑ Sality - Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
The Ramnit banking trojan saw the largest increase in attacks globally in November, entering Check Point's top 10 ranking for the first time as the 6th most common malware. It more than doubled its number of infections since October, and was mainly seen in Turkey, Brazil, India, Indonesia and the U.S. Ramnit is used to steal banking credentials, FTP passwords, session cookies and personal data.
Mobile malware families continued to pose a significant threat to businesses. The three most common mobile families were:
- ↔ HummingBad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
- ↔ Triada - Modular backdoor for Android which grants super-user privileges to downloaded malware and helps it get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
- ↑ Ztorg - Trojan that uses root privileges to download and install applications on the mobile phone without the user's knowledge.
Nathan Shuchami, Head of Threat Prevention at Check Point, explained, "Ransomware attacks are still growing in volume for a simple reason - they work and generate significant revenues for the attackers. Organizations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don't have the right defenses in place, and may not have educated staff on how to recognize the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals.
"Organizations must use advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point's SandBlast™ Zero-Day Protection, Threat Extraction, and Mobile Threat Prevention solutions, to ensure that they are adequately secured against the latest threats," added Shuchami.
Check Point's threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point's ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
Check Point’s Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html
Follow Check Point via:
Twitter: http://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: http://blog.checkpoint.com
YouTube: http://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
INVESTOR CONTACT: Kip E. Meintzer, Check Point Software Technologies, +1.650.628.2040, ir@checkpoint.com
MEDIA CONTACT: Emilie Beneitez Lefebvre, Check Point Software Technologies, Tel: +44 (0) 7785 381 302, press@checkpoint.com