
Check Point Threat Research Reveals Key 2016 Malware Trends

October 2016 by Check Point

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today released its H1 2016 Global and Regional Trends of the ’Most Wanted’ Malware report, providing an overview of the malware landscape in the top categories: ransomware, banking and mobile.

The report is based on threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map <https://threatmap.checkpoint.com/Th...> between January and June 2016 and highlights the key tactics cyber-criminals are using to attack businesses.

Top malware

1. Conficker 17.4% - Worm that allows remote operations and malware download.
The infected machine is controlled by a botnet, which contacts its Command & Control
server to receive instructions.

2. Sality 8.5% - Virus that allows remote operations and downloads of
additional malware to infected systems by its operator. Its main goal is to persist
in a system and provide means for remote control and installing further malware.

3. ZeroAccess 3.7% - Worm that targets Windows platforms allowing remote
operations and malware download. Utilizes a peer-to-peer (P2P) protocol to download
or update additional malware components from remote peers.

4. Hummingbad 3.6% (72% of all mobile attacks) - Android malware that
establishes a persistent rootkit on the device, installs fraudulent applications and
enables additional malicious activity such as installing a key-logger, stealing
credentials and bypassing encrypted email containers used by enterprises.

5. Cutwail 3.3% - Botnet mostly involved in sending spam e-mails, as well as
some DDoS attacks. Once installed, the bots connect directly to the command and
control server and receive instructions about the emails they should send. After
they are done with their task, the bots report exact statistics about their
operation back to the spammer.

Top ransomware

1. Cryptowall 44% - Ransomware that started as a Cryptolocker doppelgänger,
but eventually surpassed it. After the takedown of Cryptolocker, Cryptowall became
one of the most prominent ransomware families to date. Cryptowall is known for its
use of AES encryption and for conducting its C&C communications over the Tor
anonymity network. It is widely distributed via exploit kits, malvertising and
phishing campaigns.

2. Cerber 19% - The world’s biggest ransomware-as-a-service scheme. Cerber
is a franchise scheme, with its developer recruiting affiliates who spread the
malware further for a cut of the profits.

3. Locky 13% - Ransomware that began spreading in February 2016, mainly via
spam emails containing a downloader disguised as a Word or Zip file attachment,
which then downloads and installs the malware that encrypts the user’s files.

Top banking malware

1. Dorkbot 31% - IRC-based worm designed to allow remote code execution by its
operator, as well as to download additional malware to the infected system, with the
primary motivation being to steal sensitive information and launch denial-of-service
attacks.

2. Zeus 27% - Trojan that targets Windows platforms and is often used to steal
banking information by man-in-the-browser keystroke logging and form grabbing.

3. Tinba 16% - Banking Trojan that steals the victim’s credentials using
web-injects, activated as users try to log in to their bank’s website.

Check Point found that zip files are the most common malicious file type, followed by
.exe and PDF.

Conclusion

The first half of 2016 demonstrates the nature of today’s cyber threat landscape.
Many old malware threats remain prominent, while at the same time newcomers have
swiftly risen to prominence. Malware also shows a long-tail distribution, with a
small number of families responsible for the majority of attacks while thousands of
other malware families are rarely seen. Lastly, most cyber threats are global and
cross-regional.

The statistics in this report are based on data drawn from the ThreatCloud World
Cyber Threat Map between January and June 2016. Check Point’s ThreatCloud is the
largest collaborative network to fight cybercrime, delivering the most up-to-date
threat data and cyberattack trends from a global network of threat sensors. The
ThreatCloud database identifies millions of malware types daily, and contains more
than 250 million addresses analyzed for bot discovery, as well as over 11 million
malware signatures and 5.5 million infected websites.
