Supply chain to email, mobile and cloud, no environment is immune to cyber attacks

Check Point Software Technologies Ltd released its “Cyber Attacks Trends: 2019 Mid-Year Report”, revealing that no environment is immune to cyber attacks. Threat actors continue to develop new tool sets and techniques, targeting corporate assets stored on the cloud infrastructure, individuals’ mobile devices, trusted third-party supplier applications, and even popular mail platforms.

Mobile banking: With over 50% increase in attacks when compared to 2018, banking malware has evolved to become a very common mobile threat. Today, banking malware is capable of stealing payment data, credentials and funds from victims’ bank accounts, and new versions of these malware are ready for massive distribution by anyone that’s willing to pay.

Software supply chain attacks: Threat actors are extending their attack vectors, such as focusing on the supply chain. In software supply chain attacks, the threat actor typically installs a malicious code into legitimate software, by modifying and infecting one of the building blocks that the software relies upon.

Email: Email scammers have started to employ various evasion techniques designed to bypass security solutions and anti-spam filters, such as encoded emails, images of the message embedded in the email body, as well as complex underlying codes, which mix plain text letters with HTML characters. Additional methods allowing scammers to remain under the radar of anti-spam filters and reaching targets’ inbox, include, social engineering techniques, as well as varying and personalizing email content.

Cloud: The growing popularity of public cloud environments has led to an increase in cyber-attacks targeting enormous resources and sensitive data residing within these platforms. The lack of security practices, such as misconfiguration and poor management of the cloud resources, remains the most prominent threat to the cloud ecosystem in 2019, subjecting cloud assets to a wide array of attacks.

Maya Horowitz, Director, Threat Intelligence & Research, Products, Check Point, said: “Be it cloud, mobile or email, no environment is immune to cyber attacks. In addition, threats such as targeted ransomware attacks, DNS attacks and cryptominers will continue to be relevant in 2019. Security experts need to stay attuned to the latest threats and attack methods to provide their organizations with the best level of protection.”

Top botnet malware during H1 2019

Emotet (29%) – Emotet is an advanced, self-propagate and modular Trojan. Emotet once used to employ as a banking Trojan, and recently is used as a distributer to other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.

Dorkbot (18%) – IRC-based worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.

Trickbot (11%) – Trickbot is a Dyre variant that emerged in October 2016. Since its first appearance, it has been targeting banks mostly in Australia and the UK. Lately, it has started appearing also in India, Singapore and Malaysia.

Top cryptominers during H1 2019

Coinhive (23%) – A cryptominer designed to perform online mining of the Monero cryptocurrency without the user's approval when a user visits a web page.  Coinhive only emerged in September 2017, but hit 12% of worldwide organizations.

Cryptoloot (22%) – A JavaScript cryptominer, designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user's approval.

XMRig (20%) – XMRig is open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in-the-wild on May 2017.

Top mobile malware during H1 2019

Triada (30%) – A modular backdoor for Android, which grants super-user privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

Lotoor (11%) – Lotoor is a hack tool that exploits vulnerabilities on the Android OS in order to gain root privileges on compromised mobile devices.

Hidad (7%) – An Android malware, which repackages legitimate apps. It then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

Top banking malware during H1 2019

Ramnit (28%) - A banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.

Trickbot (21%) - Trickbot is a Dyre variant that emerged in October 2016. Since its first appearance, it has been targeting banks, mostly in Australia and the UK. Lately, it has started appearing also in India, Singapore and Malaysia.

Ursnif (10%) - Ursnif is Trojan that targets the Windows platform. It is usually spread through exploit kits - Angler and Rig, each one at its time. It has the capability to steal information related to Verifone Point-of-Sale (POS) payment software. It contacts a remote server to upload collected information and receive instructions. Moreover, it downloads files on the infected system and executes them.

Cyber Attack trends: The H1 Annual Report 2019, gives a detailed overview of the cyber threat landscape. These findings are based on data drawn from Check Point’s ThreatCloud intelligence between January and June 2019, highlighting the key tactics cyber-criminals are using to attack businesses.