Cybercriminals Deploying Diverse Range of Banking Trojans, Ransomware - Check Point
Fri, Sep 29, 2017 | By publisher
Science & Tech
CHECK POINT® Software Technologies Ltd. revealed that banking trojans were extensively used by cyber-criminals during August, with three variants appearing in the company’s latest Global Threat Impact Index.
The Zeus, Ramnit and Trickbot banking trojans all appeared in the top ten. These Trojans work by identifying when the victim is visiting a banking website, and then use keylogging or webinjects to harvest basic login credentials or more sensitive information such as PIN numbers. Alternatively, Trojans may also direct victims to fake banking websites designed to mimic the legitimate ones and steal credentials that way.
The August Global Threat Impact Index also revealed that Globeimposter, a ransomware disguised as a variant of the Globe ransomware, was the world’s second most prevalent malware throughout the month. Although it was discovered in May 2017, the malware did not begin to rapidly proliferate until August, distributed by spam campaigns, malvertising and exploit kits. Upon encryption, Globeimposter appends the .crypt extension to each encrypted file, and a payment is demanded from victims in return for decrypting their valuable data.
“Financial gain is the major motive for the vast majority of cybercrime, and unfortunately criminals have a wide range of tools at their disposal to achieve this,” Doros Hadjizenonos, country manager of Check Point South Africa, said. “To see both a highly effective ransomware variant and a range of banking Trojans in the top ten most prevalent malware families really underlines how tenacious and sophisticated malicious hackers can be in their attempts to extort money. Organisations need to be both vigilant and proactive in order to protect their networks.”
Top 3 ‘Most Wanted’ Malware in South Africa:
South Africa jumped a considerable 11 places in the Threat Impact Index over the past month, now sitting at number 21 on the list out of all countries worldwide.
- Roughted – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilises ad-blocker, bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
- Fireball – Adware vastly distributed by the Chinese digital marketing company Rafotech. It acts as a browser-hijacker which changes the default search engine and installs tracking pixels, but can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
- Globeimposter – Ransomware disguised as a variant of the Globe ransomware. It was discovered in May 2017, and is distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.
Top 3 ‘Most Wanted’ Malware in Kenya:
Kenya’s risk ranking improved, dropping 13 places on the Global ranking in August, moving down to number 39 on the list.
- Roughted – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilises ad-blocker, bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
- Fireball – Adware vastly distributed by the Chinese digital marketing company Rafotech. It acts as a browser-hijacker which changes the default search engine and installs tracking pixels, but can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
- Virut – One of the major botnets and malware distributors in the Internet. It is used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through executables originating from infected devices such as USB sticks as well as compromised websites and attempts to infect any file accesses with the extensions .exe or .scr. Virut alters the local host files and opens a backdoor by joining an IRC channel controlled by a remote attacker.
Top 3 ‘Most Wanted’ Malware in Nigeria:
Nigeria remains amongst the top ten countries at highest risk of cyberattack, currently sitting at number nine on the list after having climbed one position from last month.
- Roughted – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilises ad-blocker, bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
- Virut – One of the major botnets and malware distributors in the Internet. It is used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through executables originating from infected devices such as USB sticks as well as compromised websites and attempts to infect any file accesses with the extensions .exe or .scr. Virut alters the local host files and opens a backdoor by joining an IRC channel controlled by a remote attacker.
- Fireball – Adware vastly distributed by the Chinese digital marketing company Rafotech. It acts as a browser-hijacker which changes the default search engine and installs tracking pixels, but can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
The August Threat Index shows just how diverse and dynamic the cyber threat landscape is. Just a few months ago, Hummingbad was incredibly dominant; however in August it did not even make it into the top ten. Similarly, ransomware has been grabbing most of the cybersecurity headlines, yet well-established banking Trojans are on the rise again.
“It’s vital for organisations to be alert to these shifting threats, to simultaneously keep their defences up against well-known malware families, new variants and new zero-day threats,” Hadjizenonos added. “This requires a multi-layered cybersecurity strategy, which can respond to a broad range of continually evolving attack types.”
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, a collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
* The complete list of the top 10 malware families in August can be found on the Check Point Blog: //dm-research.us.checkpoint.com/augusts-most-wanted-malware-banking-trojans-and-ransomware-that-want-your-money/
Check Point’s Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html
– Sept. 29, 2017 @ 17:37 GMT |
Related Posts
NFIU is working on identity management system – NFIU CEO
By Christabel Ejenike HAFSAT Abubakar Bakari, the Chief Executive Officer of Nigeria Financial Intelligence Unit, NFIU, says that the NFIU,...
Read MoreNASENI Holds Retreat to Align Goals of its Development Institutes
IN order to achieve greater cohesion amongst its Development Institutes and also sustain their proper alignment with the goals and...
Read MoreBiotechnology society bestows champion award on AATF’s Oikeh
THE Biotechnology Society of Nigeria has awarded Dr Sylvester Oikeh of African Agricultural Technology Foundation (AATF) with its prestigious Champion Award for...
Read MoreMost Read
Subscribe to Our Newsletter
Keep abreast of news and other developments from our website.