Canadian Underwriter

Drop in traditional malware and rise in mobile malware, but vigilance still key: U.S. research


August 19, 2016, by Canadian Underwriter



The number of active malware families attacking business networks fell by 5% in July – representing the first such decrease in four months – while mobile variants rose, notes new threat research from Check Point Software Technologies Ltd.

Check Point detected 2,300 unique and active malware families attacking business networks in July, the largest network cyber security vendor globally reports in a statement Thursday.

Conficker, a worm that allows remote operations and malware download, accounted for 13% of recognized attacks, remaining the most commonly used malware in July.

That was followed by JBossjmx – a worm that targets systems having a vulnerable version of JBoss Application Server installed and creates a malicious JSP page on vulnerable systems – which accounted for 12% of attacks.

And third was Sality – a virus that allows remote operations and downloads of additional malware to infected systems by its operator – which accounted for 8% of attacks.

“The top 10 families were responsible for 60% of all recognized attacks,” Check Point points out.

Though this was the first time in four months that a drop in the number of unique malware families was detected, “the total number seen still matches the second all-time highest number recorded in a calendar month this year,” the statement notes.

“The continually high levels of active malware variants once again highlights the wide range of threats that organizations’ networks face and the scale of the challenges that security teams have in preventing an attack on their business critical information,” the company notes.

“Despite the overall decrease in active malware, the prevalence of mobile malware increased, accounting for 9% of active malware – up 50% from June,” the statement cautions.

For the fourth consecutive month, HummingBad remained the most commonly used malware to attack mobile devices.

“Mobile malware families continued to pose a significant threat to businesses’ mobile devices during July, with 18 entries in the top 200 overall families.”

The top three mobile families were as follows:

  • HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity;
  • Ztorg – a trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge; and
  • XcodeGhost – a compromised version of the iOS developer platform, Xcode, which can inject malicious code into any app that was developed and compiled using it.

“Businesses should not be lulled into a false sense of security by the slight drop in the number of active malware families during July,” advises Nathan Shuchami, Check Point’s head of threat prevention.

Organizations must continue to secure their networks vigilantly, Shuchami emphasizes.

What they need is “advanced threat prevention measures on networks, endpoints, and mobile devices to stop malware at the pre-infection stage,” he says, to help “ensure they are adequately secured against the latest threats.”