This latest Cyber Attack Trends report from Check Point provides a comprehensive overview of the malware landscape within ransomware, banking and mobile threats. The report is based on threat intelligence data drawn from the ThreatCloud World Cyber Threat Map between January and June 2017.
At a glance, 2016 saw the emergence of several new, sophisticated malware families that introduced new capabilities, distribution methods and attack services. 2017, however, is revealing a different trend: the creation of simple yet highly effective malware families that cause rapid, global damage. The ‘WannaCry’ ransomware caused unprecedented damage to public infrastructure as well as medical facilities around the world. Despite the seriousness of these attacks, it was found that 99% of organisations still have not put in place the cyber security technologies needed to prevent attacks of this kind. The bottom line is that companies can no longer afford to take these risks, and that with the right security mechanisms in place, these threats can be prevented.
NATION-STATE CYBER WEAPONS ARE NOW IN THE HANDS OF CRIMINALS
The incidents listed below show how data leakage incidents have evolved significantly in sophistication, frequency and the volume of data being accessed:
- Thousands of documents detailing the CIA’s efforts to hack into iPhones, Android devices and smart TVs were released.
- The Shadow Brokers threat group carried out what is considered to be the most damaging release yet which involved the leak of NSA exploits and hacking tools.
- WannaCry ransomware, although poorly written, exhibited extraordinary lateral movement capabilities. The leaked code served to upgrade a simple ransomware into one of the most influential global attacks observed in recent years, impacting a large proportion of public and civil facilities.
- ‘NotPetya’ focused on Ukrainian organisations, managing to take down entire networks.
THE LINE BETWEEN ADWARE AND MALWARE IS FADING AND MOBILE ADWARE BOTNETS ARE ON THE RISE
- The Fireball malware demonstrated a new breed of adware: a browser hijacker capable of executing arbitrary code on its victim’s machine. This has forced a major change in how adware is approached.
- ‘HummingWhale’, the new variant of the infamous HummingBad malware, not only introduced a brand-new tactic for stealing ad revenue but also penetrated Google’s security and uploaded dozens of apps to Google Play.
- Check Point uncovered an auto-clicking adware, ‘Judy’, which may be the largest malware infection ever to hit Google Play.
- CopyCat infected 14 million Android devices and managed to root approximately 8 million of them. It earned the attackers a staggering $1.5 million in fake ad revenue in just 2 months.
MACRO-BASED DOWNLOADERS CONTINUE TO EVOLVE
- The first half of 2017 shows that it is not just the malware itself that continues to evolve; the same is true of its delivery methods. It was reported that attackers can now exploit Microsoft Office files without the victim first having to open the door by enabling macros.
- In June, a brand-new method of exploitation was uncovered that abuses PowerPoint’s Element Definitions. By modifying the XML data of a slide, an attacker can set and alter the actions performed by the different elements in the slide. In this scenario, dubbed ‘Hover mouse’, the victim is sent a PowerPoint presentation that displays only a hyperlink. When the user passes the mouse over the hyperlink, a PowerShell script is called, which then downloads and executes the malicious payload.
NEW WAVE OF MOBILE BANKERS ON GOOGLE PLAY
Mobile bankers belonging to the ‘BankBot’ family managed to enter the Google Play store undetected and infect users. Although this malware should have been easy to detect, the attackers combined open-source banking malware code with complex, obscure techniques to successfully and repeatedly bypass Google’s protections.
SUMMARY AND RECOMMENDATIONS
As is evident from the data, cybercriminals aren’t slowing down. If anything, malware is becoming far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage. Considering all the news highlighting cyber risks these days, it’s shocking that only 1% of organisations have implemented the precautionary solutions necessary for prevention.