Check Point, a security research and technology company, announced that they discovered a 15 percent increase in May in the number of global malware families. They detected 2,300 active and unique malware families that specifically target business networks. The malware families perform a wide range of malicious activities including (but not limited to) keylogging, stealing credentials, downloading more malware, performing remote operations, and installing fraudulent applications.
These are the top 10 malware families that are responsible for 60% of all malware attacks (in order from most prominent):
- Conficker - Conficker malware disables Microsoft Windows system security services, allowing it to conduct various operations remotely, download more malware, and steal credentials. Machines infected with this malware are controlled by a botnet that contacts its Command and Control center to receive instructions.
- Tinba - Tinba is a banking trojan that steals login credentials through web injections. It becomes activated when victims attempt to log in to their online banking account. This malware is also referred to as Tiny Banker or Zusy.
- Sality - This virus infects Microsoft Windows systems and allows more malware to be downloaded. It also allows for remote operations. According to Check Point, “due to its complexity and ability to adapt, Sality is widely considered to be one of the most formidable malware to date.”
- JBossjmx - This malware targets systems that use a vulnerable version of the JBoss Application Server.
- Hummingbad - see below
- Zeroaccess - This is a worm that targets Windows platforms and allows for remote operations and additional malware downloads.
- Zeus - This is a trojan that targets Windows systems and steals banking information using keylogging and form grabbing.
- Angler EK - This is an exploit kit that utilizes zero-day vulnerabilities in Flash and other programs.
- Virut - Virut is a botnet that spreads through executable file infection (USB sticks and other media) and through HTML files, which means it can be caught just by visiting an infected website. It is used to perform Denial of Service attacks, spam, fraud, and data theft.
- Cutwail - This is involved in sending spam emails and in Denial of Service attacks.
Mobile malware is an increasingly common problem as more businesses adopt a mobile strategy. Six of the top 100 malware families attack mobile devices, most of them targeting Android (while some target iOS). The top 3 mobile malware families are:
- HummingBad - This is an Android malware that enables an unauthorized user to take control of the phone undetected. It then allows that user to install fraudulent applications and could possibly allow the user to install a keylogger, steal credentials, and bypass encrypted email containers.
- Iop - This Android malware installs new applications and it displays excessive advertisements on the device, so many that the victim will be unable to use the device anymore.
- XcodeGhost - Xcode is an iOS developer platform and XcodeGhost is an unofficial version of it. The ghost version injects malware into any application that was developed within it. The malicious code sends information to a Command and Control center, thus allowing any infected app to read the device’s clipboard.
Nathan Shuchami, head of threat prevention at Check Point, said, "We continue to see a significant increase in the number of unique and active malware families targeting business networks, which speaks to the effort hackers are putting into creating new zero-day attacks and the scale of the challenge businesses face in securing their network against cyber criminals. Organizations need to consider using advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage to ensure they are effectively secured against the latest threats." (HelpNet Security)