Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Locky Ransomware Attackers Take Christmas Vacation, Shows Check Point Research

January 2017 by Check Point

Check Point® Software Technologies Ltd has revealed that Locky ransomware
attacks have dramatically decreased during December 2016. These findings are part of
Check Point’s monthly Global Threat Index, a ranking of the most prevalent malware
families attacking organizations’network.

Loky, which uses massive spam campaigns as a major distribution vector, only
surfaced in 2016 but has rapidly become one of the most popular tools for
cybercriminals, part of a growing trend for ransomware cyberattacks that encrypt
data on the target machine and demand payment in return for decrypting it. In
December, Check Point recorded an 81% drop in the average number of Locky infections
per week, compared with the weekly averages of October and November causing it to
drop out of the top 10 global malware families for the first time since June 2016.

Overall, Check Point tracked an 8% decrease in the number of recognized malware
attacks on organizations in December, which could be attributed to a Christmas
holiday slowdown. A similar decrease was witnessed last December with 9% fewer
attacks than the previous months - with numbers returning to normal levels in
January.

Globally, Conficker remained the most prevalent malware type, accounting for 10% of
all known attacks during the period. It was followed by Nemucod in second place with
5%, and Slammer with 4% of the recognized attacks. Overall, the top ten malware
families were responsible for 42% of all known attacks.

1. ? Conficker - Worm that allows remote operations and malware download. The
infected machine is controlled by a botnet, which contacts its Command & Control
server to receive instructions.

2. ? Nemucod - JavaScript or VBScript downloader which is commonly used to
download ransomware variants or other malicious payloads.

3. ? Slammer - Memory resident worm targeted to attack Microsoft SQL 2000. By
propagating rapidly, the worm can cause a denial of service condition on affected
targets.

Check Point’s research also revealed the most prevalent mobile malware during
December 2016, and once again attacks against Android devices significantly more
common than iOS. The top three mobile malware were:

1. ? Hummingbad - Android malware that establishes a persistent rootkit on
the device, installs fraudulent applications, and with slight modifications could
enable additional malicious activity such as installing a key-logger, stealing
credentials and bypassing encrypted email containers used by enterprises.

2. ? Triada - Modular Backdoor for Android which grants superuser privileges
to downloaded malware, as helps it to get embedded into system processes. Triada has
also been seen spoofing URLs loaded in the browser.

3. ? Ztorg - Trojan that uses root privileges to download and install
applications on the mobile phone without the user’s knowledge.

Nathan Shuchami, Head of Threat Prevention at Check Point said: "The massive
decrease in Locky attacks during December is part of a wider trend which saw malware
attacks decrease by around 8% compared to the previous months. Organizations should
be under no illusions - this is not a reason to rest on their laurels. The most
likely cause genuinely is that cybercriminals have opted to take a Christmas holiday
too - perhaps to spend some of the fruits of their labours. Ransomware remains a
threat that businesses need to take seriously into 2017."

The ThreatCloud Map is powered by Check Point’s ThreatCloudTM intelligence, the
largest collaborative network to fight cybercrime which delivers threat data and
attack trends from a global network of threat sensors. The ThreatCloud database
holds over 250 million addresses analyzed for bot discovery, over 11 million malware
signatures and over 5.5 million infected websites, and identifies millions of
malware types daily.


* The complete list of the top 10 malware families in December can be found on the
Check Point Blog.


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts