TRENDING
key tactics cybercriminals are using to
attack businesses.
Maya Horowitz, Threat Intelligence Group
Manager at Check Point, said: “The first
half of this year saw criminals continue the
trend we observed at the end of 2017 and
take full advantage of stealthy cryptomining
malware to maximise their revenues.
“We’ve also seen increasingly sophisticated
attacks against cloud infrastructures and
multi-platform environments emerging.
These multi-vector, fast-moving, large-scale
Gen V attacks are becoming more and more
frequent and organisations need to adopt
a multi-layered cybersecurity strategy that
prevents these attacks from taking hold of
their networks and data.”
Top cryptominers during H1 2018
1. Coinhive (30%) – A cryptominer
designed to perform online mining of
the Monero cryptocurrency without
the user's approval when a user visits
a web page. Coinhive only emerged in
September 2017 but has hit 12% of
organisations worldwide
2. Cryptoloot (23%) – A JavaScript
cryptominer designed to perform online
mining of Monero cryptocurrency when
a user visits a web page without the
user's approval
3. JSEcoin (17%) – A web-based
cryptominer designed to perform online
mining of Monero cryptocurrency when
a user visits a web page without the
user's approval
Top ransomware during H1 2018
1. Locky (40%) – Ransomware that spreads
mainly via spam emails containing a
downloader, disguised as a Word or zip
attachment, before installing malware
that encrypts the user files
2. WannaCry (35%) – Ransomware that
was spread in a large-scale attack in May
2017, utilising the Windows SMB exploit,
EternalBlue, to propagate within and
between networks
3. Globeimposter (8%) – Distributed
by spam campaigns, malvertising and
exploit kits. Upon encryption, the
ransomware appends the .crypt
extension to each encrypted file
INTELLIGENTCIO
Maya Horowitz, Threat Intelligence Group
Manager at Check Point
• Cryptocurrency miners evolve – In
2018, cryptominers have been upgraded
with vastly improved capabilities,
becoming more sophisticated and
even destructive. Motivated by a clear
interest to increase the percentage of
computational resources leveraged and
be even more profitable, cryptominers
today target anything that could
be perceived as being in their way.
Cryptominers have also recently evolved
considerably to exploit high-profile
vulnerabilities and to evade sandboxes
and security products in order to expand
their infection rates
Top mobile malware during H1 2018
1. Triada (51%) – A modular backdoor
for Android which grants superuser
privileges to downloaded malware as it
helps it to get embedded into system
processes. Triada has also been seen
spoofing URLs loaded in the browser
2. Lokibot (19%) – A mobile banking trojan
which targets Android smartphones
and turns into ransomware when the
victim tries to remove its admin
privileges
3. Hidad (10%) – Android malware which
repackages legitimate apps and then
releases them to a third party store. It is
able to gain access to key security details
built into the OS, allowing an attacker to
obtain sensitive user data
Top banking malware during
H2 2017
1. Ramnit (29%) – A banking trojan that
steals banking credentials, FTP
passwords, session cookies and
personal data
2. Dorkbot (22%) – A banking trojan which
steals the victim’s credentials using
web-injects, activated as the user tries
to log into their banking website
3. Zeus (14%) – A trojan that targets
Windows platforms and often uses them
to steal banking information by
man-in-the-browser keystroke logging
and form grabbing
Key malware trends in
H1 2018
Check Point researchers detected a
number of key malware trends during
the period, including:
• Hackers move to the cloud – So far
this year, there have been a number
of sophisticated techniques and tools
exploited against cloud storage services.
Several cloud-based attacks, mainly
those involving data exfiltration and
information disclosure, derived from poor
security practices, including credentials
left available on public source code
repositories or the use of weak passwords.
Cryptominers are also targeting
“WITH ORGANISATIONS MOVING MORE OF THEIR IT
ESTATES AND DATA TO CLOUD ENVIRONMENTS,
CRIMINALS ARE TURNING TO THE CLOUD TO
EXPLOIT ITS VAST COMPUTATIONAL POWER AND
MULTIPLY THEIR PROFITS.”
www.intelligentcio.com