Check Point Research Shows Surge in Active Malware Families During First Half of 2016
July 2016 by Check Point
Check Point Software Technologies Ltd. published its latest Threat Index, revealing the number of active malware families increased by nearly two-thirds in the first half of 2016, led by the number of threats to business networks and mobile devices.
During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations¡¯ networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business critical information.
Conficker remained the most commonly used malware in June, while the HummingBad mobile malware returned to the overall top-three threats across all platforms globally. In a detailed research report, Check Point revealed 85 million devices globally are infected by HummingBad, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it – highlighting how hackers are increasingly targeting mobile devices.
In June, Conficker accounted for 14 percent of recognized attacks for the second month running; while second-placed Sality accounted for 10 percent and third-placed HummingBad for 6 percent of all attacks. The top-10 families were responsible for 50 percent of all recognized attacks.
1. Conficker - Worm that allows remote operations, malware downloads and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. Sality - Virus that infects Microsoft Windows systems to allow remote operations and downloads of additional malware. Due to its complexity and ability to adapt, Sality is widely considered to be one of the most formidable malware to- date.
3. Hummingbad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises. To-date the malware has infected 85 million mobile devices.
Mobile malware families continued to pose a significant threat to businesses mobile devices during June with the top three remaining unchanged. The top-three mobile families were:
1. HummingBad - Android malware that has infected 85 million mobile devices globally to generate fraudulent advertising revenue. HummingBad establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger and stealing credentials.
2. Iop - Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
3. XcodeGhost - A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
"The sustained, significant increase in the number of active malware families targeting business networks during the first half of 2016 highlights the escalating threat levels that organizations are currently facing," said Nathan Schuchami, head of threat prevention, Check Point. "Hackers are putting extensive effort into creating new, sophisticated malware families to defraud companies and steal data. Organizations need advanced threat prevention measures on their networks, endpoints and mobile devices to stop these threats before they fall victim to them."