Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today published its latest Threat Index, revealing the number of active malware families increased by nearly two-thirds in the first half of 2016, led by the number of threats to business networks and mobile devices.
During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations’ networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business critical information.
Conficker remained the most commonly used malware in June, while the HummingBad mobile malware returned to the overall top-three threats across all platforms globally. In a detailed research report, Check Point revealed 85 million devices globally are infected by HummingBad, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it – highlighting how hackers are increasingly targeting mobile devices.
In June, Conficker accounted for 14 percent of recognized attacks for the second month running; while second-placed Sality accounted for 10 percent and third-placed HummingBad for 6 percent of all attacks. The top-10 families were responsible for 50 percent of all recognized attacks.
- ↔ Conficker – Worm that allows remote operations, malware downloads and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
- ↑ Sality – Virus that infects Microsoft Windows systems to allow remote operations and downloads of additional malware. Due to its complexity and ability to adapt, Sality is widely considered to be one of the most formidable malware to- date.
- ↑ Hummingbad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises. To-date the malware has infected 85 million mobile devices.
Mobile malware families continued to pose a significant threat to businesses mobile devices during June with the top three remaining unchanged. The top-three mobile families were:
- ↔ HummingBad – Android malware that has infected 85 million mobile devices globally to generate fraudulent advertising revenue. HummingBad establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger and stealing credentials.
- ↔ Iop – Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
- ↔ XcodeGhost – A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
“The sustained, significant increase in the number of active malware families targeting business networks during the first half of 2016 highlights the escalating threat levels that organizations are currently facing,” said Nathan Schuchami, head of threat prevention, Check Point “Hackers are putting extensive effort into creating new, sophisticated malware families to defraud companies and steal data. Organizations need advanced threat prevention measures on their networks, endpoints and mobile devices to stop these threats before they fall victim to them.”
Follow Check Point Research via:
About the Check Point Threat Index
Check Point’s Threat Index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloudTM intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.