Site icon Information Security Buzz

Check Point Research Shows Malware Families Targeting Corporate Networks Continues to Grow

Check Point

Threat research for May 2016 shows a continuing rise in the number of active

malware families attacking business networks; banking malware increases

 Check Point㈢ published its latest Threat Index, revealing the number of active global malware families increased by 15 percent in May 2016.

Check Point detected 2,300 unique and active malware families attacking business networks in May. It was the second month running Check Point has observed an increase in the number of unique malware families, having previously reported a 50 percent increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information. Most notably:

“We continue to see a significant increase in the number of unique and active malware families targeting business networks, which speaks to the effort hackers are putting into creating new zero-day attacks and the scale of the challenge businesses face in securing their network against cyber criminals,” said Nathan Shuchami, head of threat prevention, Check Point. “Organizations need to consider using advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage to ensure they are effectively secured against the latest threats.”

In May, Conficker was the most prominent family accounting for 14 percent of recognized attacks; while second and third placed Tinba and Sality were responsible for 9 percent each. The top ten families were responsible for 60 percent of all recognized attacks.

 

  1. Conficker–   Worm that allows remote operations, malware downloads, and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
  1. ¤ Tinba– Also referred to as Tiny Banker or Zusy, Tinba is a banking trojan that steals the victim’s credentials using web injections. It becomes activated when users try to login to their banking website.
  1. Sality– Virus that infects Microsoft Windows systems to allow remote operations and downloads of additional malware. Due to its complexity and ability to adapt, Sality is widely considered to be one of the most formidable malware to date.

Mobile malware families continued to pose a significant threat to businesses mobile devices during May with six entries into the top 100 overall families. Most of these targeted Android, but in a continuation of the trend seen in April several targeted iOS. The top three mobile families were:

  1. HummingBad Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a keylogger, stealing credentials and bypassing encrypted email containers used by enterprises.
  1.  Iop– Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
  1.  XcodeGhost A compromised version of the iOS developer platform Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a Command & Control server, allowing the infected app to read the device clipboard.

[su_box title=”About Check Point” style=”noise” box_color=”#336588″][short_info id=’74105′ desc=”true” all=”false”][/su_box]

About the Author

Exit mobile version