Cryptominer threats on top in the second half of 2017

Cryptominer threats were on top in the second half of 2017, according to a report on global threat trends for July to December 2017 published today by Check Point Software Technologies. The report finds that cybercriminals increasingly turn to cryptominers to build illegal sources of income, while ransomware and malvertising still weigh heavily on organizations around the world.

In the period from July to December 2017, one in five organisations was hit by cryptominer malware, a tool that lets cybercriminals hijack the CPU or GPU processing power and other resources of the victim in order to mine cryptocurrency, consuming as much as 65% of CPU capacity.

The report published by Check Point gives a detailed picture of the cyber threat landscape; it covers the most common categories of banking, mobile and ransomware malware and is based on data from Check Point's ThreatCloud system collected between July and December 2017. In the report, Check Point draws attention to the key tactics cybercriminals use when attacking companies.

Cryptominer and other threats - map

Cryptominer threats on top in the second half of 2017, and other key trends

Check Point researchers identified a number of important trends, including:

Boom in cryptomining programs. While cryptominers are commonly used for legitimate mining, the growing public interest in virtual currencies slowed the mining process, because its speed depends directly on the number of currency holders. This slowdown raised the computing power needed for mining, prompting criminals to look for new ways to use the computing resources of an unsuspecting public.

Decline of exploit kits. Until last year, exploit kits were a main attack vector. In 2017, however, the use of exploit kits fell significantly as the targeted platforms became more secure. Rapid responses to newly disclosed vulnerabilities in these products by security vendors and leading browser developers, combined with automatic updates, drastically shortened the shelf life of new exploits.

Increase in scam and malspam operations. Throughout 2017 the balance between HTTP-based and SMTP-based infections shifted toward SMTP, from 55% in the first half of 2017 to 62% in the second. The rising popularity of these distribution methods attracted experienced attackers who apply advanced techniques, including various ways of exploiting vulnerabilities in documents, particularly Microsoft Office files.

Mobile malware reaches the enterprise. Over the past year we witnessed several attacks on enterprises that originated from mobile devices. These include mobile devices turned into proxy servers by the MilkyDoor malware and used to collect private data from the enterprise network. Another type is mobile malware such as Switcher, which attempts to attack network elements (e.g. routers) in order to redirect traffic to a malicious server under the attacker's control.

Maya Horowitz, head of threat analysis at Check Point, commented:

The second half of 2017 was the time in which cryptominer programs conquered the world, becoming a favourite way of earning money. Although this is not a completely new type of threat, the growing popularity and value of cryptocurrency mining has led to a significant increase in the distribution of mining malware. In 2017 the trends that began in 2016 continued, such as ransomware, which is still the leading attack vector used both in global attacks and against specific target organizations. 25% of the attacks we saw in this period exploit vulnerabilities discovered more than a decade ago, and less than 20% use vulnerabilities found in the last few years, so it is clear that many organizations still must ensure complete security against attacks.

The most frequently detected malware in the second half of 2017

  1. Roughted (15.3%) - large-scale malvertising operation that bypasses ad blockers and is responsible for a range of scams, exploits and viruses. It can be used to attack any platform and operating system; it bypasses ad blockers and fingerprints the victim to select the most suitable type of attack.
  2. Coinhive (8.3%) - cryptominer designed to mine the Monero cryptocurrency without the user's consent while they visit a website. Coinhive only appeared in September 2017, yet it was detected in 12% of organizations worldwide.
  3. Locky (7.9%) - ransomware that spreads mainly through spam e-mail messages with disguised Word or Zip attachments and encrypts the user's files.
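The Coinhive entry above describes in-browser mining that starts when a user visits a page, and the report notes that miners consume up to 65% of CPU. The following added example (not from the Check Point report or the AVLab article) shows how a defender could correlate two signals a team already collects: web-proxy requests for miner-style JavaScript or WebSocket endpoints, and sustained high browser CPU on the same host. All log lines, the indicator patterns and the thresholds are constructed placeholders and would be tuned to a real environment.

```python
"""Correlate proxy-log miner indicators with sustained browser CPU usage.

Added illustration, not code from the report. The log layout, indicator
patterns, threshold and window are assumptions labelled as such below.
"""
import re
from collections import defaultdict

# Constructed proxy lines: <timestamp> <host> <method> <url>
PROXY_LOG = """\
2017-10-03T09:00:01 ws-17 GET https://news.example/index.html
2017-10-03T09:00:02 ws-17 GET https://cdn.example/lib/coinhive.min.js
2017-10-03T09:00:03 ws-17 GET wss://pool.example:8892/proxy
2017-10-03T09:00:05 ws-22 GET https://intranet.example/home
"""

# Constructed CPU samples of the browser process: <timestamp> <host> <cpu_percent>
CPU_LOG = """\
2017-10-03T09:00:10 ws-17 63
2017-10-03T09:00:20 ws-17 71
2017-10-03T09:00:30 ws-17 68
2017-10-03T09:00:40 ws-17 66
2017-10-03T09:00:10 ws-22 12
2017-10-03T09:00:20 ws-22 9
"""

# Placeholder indicators (assumption): a miner library name and a WebSocket
# connection to an explicit non-standard port, as miners open to pool proxies.
MINER_PATTERNS = [
    re.compile(r"coinhive\.min\.js$", re.I),
    re.compile(r"^wss?://[^/]+:\d+/", re.I),
]
CPU_THRESHOLD = 60   # the report cites miners using up to 65% of CPU
MIN_SAMPLES = 3      # consecutive samples above threshold count as "sustained"


def miner_requests(proxy_text):
    """Return {host: [urls]} for requests matching a miner indicator."""
    hits = defaultdict(list)
    for line in proxy_text.splitlines():
        _ts, host, _method, url = line.split(maxsplit=3)
        if any(p.search(url) for p in MINER_PATTERNS):
            hits[host].append(url)
    return dict(hits)


def sustained_cpu(cpu_text, threshold=CPU_THRESHOLD, min_samples=MIN_SAMPLES):
    """Return the set of hosts with >= min_samples consecutive samples over threshold."""
    runs = defaultdict(int)
    flagged = set()
    for line in cpu_text.splitlines():
        _ts, host, pct = line.split()
        if int(pct) >= threshold:
            runs[host] += 1
            if runs[host] >= min_samples:
                flagged.add(host)
        else:
            runs[host] = 0   # a single low sample breaks the run
    return flagged


def suspected_miners(proxy_text, cpu_text):
    """Hosts that show both a miner indicator and sustained high CPU."""
    reqs = miner_requests(proxy_text)
    busy = sustained_cpu(cpu_text)
    return sorted(host for host in reqs if host in busy)


if __name__ == "__main__":
    for host in suspected_miners(PROXY_LOG, CPU_LOG):
        print(f"{host}: miner indicators {miner_requests(PROXY_LOG)[host]}")
```

Requiring both signals keeps a single busy tab or a one-off request from paging an analyst; either signal alone is a weaker lead worth a lower-severity alert.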

The most frequently detected ransomware in the second half of 2017

  1. Locky (30%) - ransomware that spreads mainly through spam e-mail messages with disguised Word or Zip attachments and encrypts the user's files.
  2. Globeimposter (26%) - distributed by spam campaigns, malvertising and exploit kits. After encryption, the ransomware appends the extension .crypt to each encrypted file.
  3. WannaCry (15%) - ransomware that spread in a large-scale attack in May 2017, using the Windows SMB exploit called EternalBlue to propagate within and between networks.

The most frequently detected mobile malware in the second half of 2017

  1. Hidad (55%) - Android malware that repackages legitimate applications and then publishes them in a third-party store. It is able to gain access to key security settings built into the operating system, allowing an attacker to obtain confidential data.
  2. Triada (8%) - modular Android backdoor that grants administrator privileges to downloaded malware, helping it embed itself in system processes. Triada has also been observed spoofing URLs opened in the browser.
  3. Lotoor (8%) - hacking tool that exploits vulnerabilities in the Android operating system to obtain root privileges.

The most frequently detected banking malware in the second half of 2017

  1. Ramnit (34%) - banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
  2. Zeus (22%) - Trojan that targets the Windows platform and is often used to steal banking information through keystroke logging and form grabbing.
  3. Tinba (16%) - banking Trojan that steals the victim's credentials using injected code, activated when the user tries to log in to their bank's website.

The statistics in this report are based on data from Check Point's ThreatCloud system for the period from July to December 2017. Check Point ThreatCloud is the largest collaborative network for fighting cybercrime, delivering threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds more than 250 million addresses analysed for bot detection, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types every day.


We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.