Check Point has revealed the most common malware families being used to attack organizations’ networks and mobile devices globally in February 2016.
For the first time, malware targeting mobiles was one of the top 10 most prevalent attack types, with the previously-unknown HummingBad agent being the seventh most common malware detected targeting corporate networks and devices. Discovered by Check Point researchers, HummingBad targets Android devices, establishing a persistent rootkit, installing fraudulent apps and enabling malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises, with the aim of intercepting corporate data.
Check Point identified more than 1,400 different malware families during February. For the second month running, the Conficker, Sality, and Dorkbot families were the three most commonly used malware variants, collectively accounting for 39% of all attacks globally in February.
1. ↔ Conficker – Accounted for 25% of all recognized attacks. Machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.
2. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
3. ↑ Dorkbot – IRC-based worm designed to allow remote code execution by its operator, as well as download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.
Check Point’s research also revealed the most prevalent mobile malware during February 2016, and once again attacks against Android devices were significantly more common than iOS. The top three mobile malware families were:
1. ↑ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↓ AndroRAT – Malware that is able to pack itself with a legitimate mobile application and install without the user’s knowledge, allowing a hacker full remote control of an Android device.
3. ↓ Xinyin – Observed as a Trojan-Clicker that performs Click Fraud on Chinese ad sites.
Nathan Shuchami, Head of Threat Prevention at Check Point, said: “The rapid rise in attacks using Hummingbad highlights the real and present danger posed to business networks by unsecured mobile devices and the malware that targets them. Organisations must start to protect their mobile devices with the same robust security as traditional PCs and networks as a matter of urgency. With the range of attack vectors open to hackers, adopting a holistic approach to security that includes mobile devices is critical in protecting both corporate networks and sensitive business data.”
Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.