How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Check Point Press Releases

Check Point’s Threat Index Reveals RoughTed and Fireball Drop-off in July

RoughTed malvertising campaign has remained the most prevalent malware in July, despite drop in infections; Fireball continued to decline after the arrest of its suspected distributors


San Carlos, CA  —  Mon, 21 Aug 2017

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) reveals that according to its latest Global Threat Impact Index, the number of organizations impacted by the RoughTed malvertising campaign fell by more than a third during July, from 28% to 18%.

RoughTed is a large-scale malvertising campaign used to deliver malicious websites and payloads such as scams, adware, exploit kits and ransomware. Despite its drop-off, RoughTed remained the most prevalent form of malware during July. Hacker Defender, a user-mode rootkit for Windows, increased to second place and affected 5% of organizations globally.

The Index also reveals a sharp decline in the prevalence of Fireball, which fell to third place. In July, it impacted 4.5% of organizations, down from 20% of organizations only two months ago, following the arrest of the suspected distributors during the month.

“The drop in Fireball is encouraging and can be related to the arrest of its suspected distributors in China. This highlights the positive impact that law enforcement authorities can have when working in tandem with the cyber security industry,” said Maya Horowitz, Threat Intelligence Group Manager at Check Point.

July 2017’s Top 3 ‘Most Wanted’ Malware:

*The arrows relate to the change in rank compared to the previous month.

  1. ↔ RoughTed – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  2. ↑ Hacker Defender – User-mode Rootkit for Windows, can be used to hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
  3. ↓ Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.

For the first time in 2017, Hummingbad did not appear in the top three of the most common mobile malware as spyware. This month, TheTruthSpy had the highest impact on organizations mobile estates – followed by Lootor and Triada.

Top 3 ‘Most Wanted’ mobile malware:

  1. TheTruthSpy – Mobile spyware which can be installed in stealth mode and used to track and record data from a device.
  2. Lotoor – Hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.
  3. Triada – Modular Backdoor for Android which grants super-user privileges to downloaded malware and helps it embed into system processes. Triada has also been spoofing URLs loaded in the browser.

“It is encouraging to see highly infectious malware variants becoming less impactful, but it is critical that organizations do not see this as a signal that they can drop their guard. While RoughTed’s effectiveness dropped considerably, nearly one in five organizations were still impacted by it during July. It is also important to be aware that as soon as one avenue for attackers is shut down, cyber-criminals quickly devise new malware forms to attack targets with. Organizations in every industry need a multi-layered approach to their cyber security.

SandBlast™ Zero-Day Protection and Mobile Threat Prevention, for example, protect against the widest range of continually evolving attack types, and also protect against zero-day malware variants,” concluded Horowitz.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, a collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

* The complete list of the top 10 malware families in July can be found on the Check Point Blog:  http://blog.checkpoint.com/2017/08/21/julys-wanted-malware-roughted-fireball-decrease-stay-prevalent/

Check Point’s Threat Prevention Resources are available at:  //www.checkpoint.com/threat-prevention-resources/index.html

Follow Check Point via:
Check Point Research: https://research.checkpoint.com
Twitter: http://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: http://blog.checkpoint.com
YouTube: http://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.