It was the first time in four months Check Point detected a drop in the number of unique malware families, but the total number seen still matches the second all-time highest number recorded in a calendar month this year. The continually high-levels of active malware variants once again highlights the wide range of threats that organizations’ networks face and the scale of the challenges that security teams have in preventing an attack on their business critical information.
In July, Conficker was the most prominent family accounting for 13 percent of recognized attacks; second placed JBossjmx accounted for 12 percent; and third placed Sality was responsible for 8 percent. The top ten families were responsible for 60 percent of all recognized attacks.
1. ? Conficker - Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ? JBossjmx – Worm that targets systems having a vulnerable version of JBoss Application Server installed. The malware creates a malicious JSP page on vulnerable systems that executes arbitrary commands. Moreover, another Backdoor is created that accepts commands from a remote IRC server.
3. ? Sality - Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
Mobile malware families continued to pose a significant threat to businesses mobile devices during July, with eighteen entries in the top 200 overall families. The top three mobile families were:
1. ? HummingBad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ? Ztorg - Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.
3. ? XcodeGhost - A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
“Businesses should not be lulled into a false sense of security by the slight drop in the number of active malware families during July. The number of active families still remains at near record levels, highlighting the scale of the challenges businesses face in securing their network against cyber-criminals. Organizations must continue to secure their networks vigilantly, said Nathan Shuchami, Head of Threat Prevention at Check Point. “Organisations need advanced threat prevention measures on networks, endpoints, and mobile devices to stop malware at the pre-infection stage, such as Check Point’s SandBlast ™ and Mobile Threat Prevention solutions, to ensure they are adequately secured against the latest threats.”
