Exploit Kits Surge Worldwide As Rig Makes List of 'Most Wanted' Malware in Africa

4 May 2017
Content from a Premium Partner
African Media Agency (New York)
press release

After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) has revealed a massive uplift in Exploit Kit usage by cybercriminals worldwide, with Rig making its way onto the list of top ten threats in Kenya and Nigeria according to the company's March Global Threat Impact Index.

Exploit Kits, which are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code, have been in decline since a high point in May 2016, following the demise of the leading Angler and Nuclear variants. However, March saw the Rig EK surge up the rankings, being the second most-used malware worldwide throughout the period. The Terror Exploit Kit also increased dramatically in usage in March, and was just one place from making it into the monthly top ten list.

Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript, which then checks for vulnerable plug-ins and delivers the exploit. Terror was first detected at the start of December 2016, and contained eight different operational exploits. Both Rig and Terror have been witnessed delivering a wide variety of threats, from ransomware and banking Trojans to spambots and BitCoin miners.

Ransomware proved one of the most profitable tools at cybercriminals' disposal throughout 2016, and with popular Exploit Kits now being used to deliver it, the threat shows no sign of dying down. The fact that three African countries, including Zambia, Malawi and Uganda, are still in the top ten of Check Point's Threat Index, which measures risk by country, is even greater cause for concern.

March 2017's Top 3 'Most Wanted' Malware in Kenya:

1. Sality - Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.

2. Necurs - Botnet used to distribute many malware variants, mostly banking trojans and ransomware. It usually spreads malware based on massive spam campaigns, with zip attachments containing malicious JavaScript code.

3. Hiddad - Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

March 2017's Top 3 'Most Wanted' Malware in Nigeria:

1. Virut - Botnet and malware distributor used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through infected devices such as USB sticks as well as compromised websites and files.

2. Sality - Family of file infectors spread by infecting .exe and .scr files and via removable drives and network shares. Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, and to compromise web servers, exfiltrate sensitive data and coordinate distributed computing tasks to process intensive tasks.

3. Gamarue - Modular bot with a loader which downloads additional modules from its C&C server. The loader has both anti-VM and anti-debug features. It injects into trusted processes to hide itself and then deletes the original bot. Infected machines can be harvested for financial credentials and also become part of a large botnet. Gamarue spreads by infecting removable drives such as USB drives or portable hard disks.

Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies commented: "The dramatic resurgence of Exploit Kits in March illustrates that older threats don't disappear forever - they simply go dormant and can be quickly redeployed. It is always easier for malicious hackers to revisit and amend existing malware families and threat types rather than develop brand new ones, and Exploit Kits are a particularly flexible and adaptable threat type. To deal with the threat from Rig, Terror and other Exploit Kits, organisations need to deploy advanced security systems across the entire network, such as Check Point's SandBlast™ Zero-Day Protection and Mobile Threat Prevention."

The ThreatCloud Map is powered by Check Point's ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

Check Point's Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html

Distributed by African Media Agency on behalf of Check Point Software Technologies

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyber attacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises - from networks to mobile devices - in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organisations of all sizes.

Source: Check Point Software Technologies
