Ransomware, Mobile Botnets and EK Trends Swell in 2016

Conficker remains the world’s most common malware, accounting for 17.4% of infections—but ransomware, mobile botnets and more gained big ground in the first part of 2016.

That’s according to Check Point’s H1 2016 Global and Regional Trends of the ‘Most Wanted’ Malware report, based on threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map between January and June 2016.

It shows first and foremost that the year will go down as a prime year for ransomware. While Cryptowall is the king of the ransomware segment, with 44% prevalence, attacks have increased in quantity, variety, efficiency and sophistication. Barraging users and organizations of all sizes, criminals are now creating new and revamped ransomware using every possible type of attack vector. Behind Cryptowall, Cerber, Locky, Teslacrypt and TorrentLocker all hold significant market share.

The report points to the attack on the Hollywood Presbyterian Medical Center in Los Angeles as an inflection point for the segment. The attack encrypted the entire system, including patient records and other sensitive information. The attackers demanded and received 40 Bitcoins—around $17,000 at the time of the payment.

“This attack was a major milestone in the ransomware epidemic, which has continued to grow ever since,” the report said.

Hummingbad overwhelmingly dominates mobile malware, accounting for 72% of infections and coming in as the fourth most-prevalent malware overall.

The top banking malware is Dorkbot, with 31% of infections and a position as the sixth most-common malware out there, followed by classic Zeus, with 27%, and Tinba, with 16%.

The report also indicates that attackers still love using exploit kits to spread malware. These kits, which have an alarming success rate, leverage vulnerabilities in web browsers and operating systems to install malware without the user’s knowledge or consent.

“As we have seen in the case of the Nuclear Exploit Kit, this can be an extremely profitable business for developers who rent their kit to attackers worldwide,” the report noted. “Interestingly, there has been a shift in the exploit kit arena since the beginning of 2016. We have witnessed the decline of two of the largest exploit kits in the wild, Angler and Nuclear, and the rise of Neutrino and Rig Exploit Kits, as seen in the recent Cerber campaign.”

In 2016, a new form of malware distribution appeared in the mobile world—botnets. A botnet is a group of devices (PCs, laptops, or mobile phones) controlled by hackers without the owners’ knowledge. The larger the botnet, the greater its capabilities.

Check Point detected the Viking Horde and DressCode botnets, which managed to infiltrate Google Play and target hundreds of thousands of users. So far, mobile botnets have been used mainly to generate fraudulent traffic and ad clicks. However, they can be leveraged to achieve disruptive goals, such as DDoS attacks which can have a devastating effect on organizations of all sizes.

“The first half of 2016 demonstrates the nature of today’s cyber-threat landscape,” Check Point noted. “Many old malware threats remain prominent, while at the same time, newcomers arrive and take the world by storm. On top of that, malware demonstrates a long-tail distribution with a small number of families responsible for a major part of the attacks, while thousands of other malware families are rarely seen. Lastly, we see that most cyber-threats are global and cross-regional, with the top threats appearing in all three regions.”

Photo ©polygraphs

What’s Hot on Infosecurity Magazine?