Story image

Check Point names February’s most disruptive malware

12 Mar 2019

Check Point Research has published its latest Global Threat Index for February 2019.

The index reveals that Coinhive has once again led the Global Threat Index for the 15th consecutive month, despite the announcement that its services have been shut down from March 8, 2019.

Check Point's researchers have also discovered several widespread campaigns distributing the GandCrab ransomware that have targeted Japan, Germany, Canada and Australia.

These nations are just part of the targeted countries.

These operations have emerged over the last two months, and Check Point's researchers noticed a new version of the ransomware being distributed in one of the latest campaigns.

The new version, Gandcrab V5.2, includes most of the features of the last, but with a change in the encryption method that causes the decryption tool for previous versions of the ransomware to be ineffective.

In February, the most prevalent malware variants were cryptominers.

Coinhive remains the top malware, impacting 10% of organisations worldwide.

This follows a downward trend in Coinhive's global impact, from 18% in October 2018 to 12% in January 2019 and with a 2% drop this month.

This decrease has been caused by the rising cost of mining along with the decline in Monero's value.

Cryptoloot rose to second place in February replacing XMRig, and was followed by Emotet, an advanced, self-propagate and modular Trojan, which replaced Jsecoin in third place in the index.

Check Point threat intelligence and research director Maya Horowitz says, “As we saw in January, threat actors continue to exploit new ways to distribute malware, while creating new and more dangerous variants of existing malware forms.

“GandCrab's new version proves once again that although there are malware families that stay in the top malware list for several months and seems to be static, they are actually evolving and being developed to evade detection.

“To effectively combat this, our researchers continuously trace them based on their malware family DNA – so it's essential that organisations keep their security solutions fully updated,” she says.

February 2019's Top 3 Most Wanted Malware: 

1.       Coinhive - Cryptominer designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user's knowledge or approval the profits with the user. The implanted JavaScript uses a great deal of the computational resources of end users' machines to mine coins, and may crash the system.

2.       Cryptoloot - Cryptominer that uses the victim's CPU or GPU power and existing resources for crypto mining - adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug under it by asking a smaller percentage of revenue from websites.

3.       Emotet – Advanced, self-propagating and modular Trojan. Emotet once used to employed as a banking Trojan, and recently is used as a distributor for other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

This month Lotoor is the most prevalent mobile malware, replacing Hiddad at first place in the top mobile malware list. Triada remains in third place.

February's Top 3 Most Wanted Mobile Malware:

1.       Lotoor - Hack tool that exploits vulnerabilities on Android operating system in order to gain root privileges on compromised mobile devices.

2.       Hiddad - Android malware which repackages legitimate apps and then released them to a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

3.       Triada - Modular Backdoor for Android which grants superuser privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

Check Point's researchers also analysed the most exploited cyber vulnerabilities.

CVE-2017-7269 is still leading the top exploited vulnerabilities with 45%.

OpenSSL TLS DTLS Heartbeat Information Disclosure is the second most prevalent vulnerability with a global impact of 40%, followed by Web servers PHPMyAdmin Misconfiguration Code Injection exploit, impacting 34% of organisations worldwide.

February's Top 3 Most Exploited vulnerabilities:

1.      Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) - By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause a denial of service conditions on the target server. That is mainly due to a buffer overflow vulnerability resulted by improper validation of a long header in HTTP request.

2.      OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.

3.      Web servers PHPMyAdmin Misconfiguration Code Injection - A code injection vulnerability has been reported in PHPMyAdmin. The vulnerability is due to PHPMyAdmin misconfiguration. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target.

SingleRAN Pro: Combining simplicity and openness for a 5G future
Huawei's SingleRAN Pro solution supposedly offers an open, simplified networking concept to help operators roll out commercial 5G networks.
Gartner recognizes Huawei's data center networking expertise
The Gartner Peer Insights Customers’ Choice analyzes more than 200,000 reviews across more than 300 markets posted to Gartner Peer Insights. 
How Huawei aims to enhance IP networks
'We believe that the intelligent IP networks built with the four-engine series products can continuously empower users with business intelligence."
Earth Day 2019: How tech firms can support our planet's wellbeing
Six industry experts explain how they - and other tech organisations - can positively contribute to the wellbeing of our earth.
CyrusOne signs up three new senior execs for Europe
CyrusOne has appointed three new senior hires in its growing Europe-based team, including a new area vice president, engineering solutions director, and business development manager.
Dell EMC’s six server market trends
As the evolution of cloud-based computing continues, it is important to know what’s ahead to stay ahead of the market.
Park Place Technologies hires new EMEA managing director
Post-warranty data centre maintenance company Park Place Technologies has recruited Sean Sears as its new managing director for Europe, the Middle East and Africa.
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.