
Risk of Malware Infections Increased by Nearly One-Fifth for UK Businesses in December 2015, Shows Check Point Research

February 2016 by Check Point

Check Point has revealed that the risk of a UK organisation being infected by malware increased by 17% in December 2015, while the number of active malware families increased by 25%. Check Point identified more than 1,500 different malware families active during December, up from 1,200 in November 2015.

Globally, Conficker remained the most prevalent malware type, accounting for 25% of all known attacks during the period - significantly higher than second-placed Sality, which accounted for 9% of attacks. Conficker and the third-placed Necurs variant focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.

The top three malware variants used to attack UK networks during November were:

1. Conficker – machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.

2. Kelihos – a botnet commonly involved in bitcoin theft and spamming. It uses peer-to-peer communications to enable each individual node to act as a command and control server.

3. HackerDefender – a user-mode rootkit for Windows that is used to hide files, processes and registry keys. It also implements a backdoor and port redirector that operates through TCP ports opened by existing services, meaning it is not possible to find the hidden backdoor through traditional means.

During the month, the UK was the 99th most attacked country globally, rising from 116th during November 2015. By comparison it was attacked more than the USA (122) and Republic of Ireland (116) but less than Germany (94), Spain (87) and France (59).

Check Point’s research also revealed the most prevalent mobile malware during December 2015, and once again attacks against Android devices were significantly more common than those against iOS. The top three mobile malware were:

1. Xinyin – Observed as a Trojan-Clicker that performs Click Fraud on Chinese ad sites.

2. AndroRAT – Malware that is able to pack itself with a legitimate mobile application and install without users’ knowledge, allowing a hacker full remote control of an Android device.

3. Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Nathan Shuchami, Head of Threat Prevention at Check Point, said: “The increase in active malware during December highlights the severity of the threat posed to organizations’ networks and sensitive data. As a result, organizations should be pushing cyber-security to the top of their agendas for 2016, as cyber-criminals continually find new ways to attack networks, so that they can be equally relentless in robustly securing their networks.”

During December 2015, Check Point issued threat alerts about the rapid increase in ransomware infections using Teslacrypt, which spreads using the Angler Exploit Kit. Angler is also associated with the spread of the Necurs and Bedep malware, which were both in the top 10 attacks against UK organisations.

Check Point also warned about a mobile malware agent targeting Android devices. The Association of Banks in Singapore (ABS) announced it had detected a mobile Trojan designed to steal financial information from mobile device users. Check Point’s analysis showed the trojan was a version of an existing financial data-stealer called GMBot, which is downloaded onto devices by tricking users with fake URLs disguised inside a popup update alert.

The data is based on threat intelligence drawn from Check Point’s ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The ThreatCloud Map is powered by Check Point’s ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

