Cryptocurrency Mining Presents New Threat to Business, says Check Point
November 2017 by Check Point
Check Point® Software Technologies Ltd. revealed that according to the company’s latest Global Threat Impact Index, cryptocurrency mining was an increasingly prevalent form of malware during October, as organizations were targeted with the CoinHive variant.
As in September, RoughTed and Locky remained the two most prevalent threats. However, there was a new entry to the top three: the ‘Seamless traffic redirector’ malware. This malware silently redirects the victim to a malicious web page, leading to infection by an exploit kit. Successfully infecting the target allows the attacker to download additional malware.
Maya Horowitz, Threat Intelligence, Group Manager at Check Point commented: “The emergence of Seamless and CoinHive once again highlights the need for advanced threat prevention technologies in securing networks against cyber-criminals. Crypto mining is a new, silent, yet significant actor in the threat landscape, allowing threat actors to make significant revenues while victims’ endpoints and networks suffer from latency and decreased performance”.
October 2017’s Top 3 ‘Most Wanted’ Malware:
*Arrows indicate change in rank compared to the previous month.
1. ↔ RoughTed - a purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware.. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
2. ↔ Locky - Ransomware that started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment and then downloads and installs the malware that encrypts the user files.
3. ↑ Seamless - Traffic Distribution System (TDS), which operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target
The most popular malware used to attack organizations’ mobile assets saw one change from September, with Android ransomware LeakerLocker appearing in 2nd place.
Top 3 ‘Most Wanted’ mobile malware:
1. Triada - Modular Backdoor for Android that grants super-user privileges to downloaded malware and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
2. LeakerLocker - Android ransomware that reads personal user data, and then presents it to the user and threatens to leak it online if ransom payments aren’t met.
3. Lotoor - Hack tool that exploits vulnerabilities on Android operating system to gain root privileges on compromised mobile devices.
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.