The threat of mobile malware is rising

Companies urged to protect their mobile devices with the same robust security as traditional PCs and networks.

Research by Check Point Software Technologies, the largest pure-play security vendor globally, identified more than 1,400 different malware families worldwide during February 2016.

For the second month running, the Conficker, Sality, and Dorkbot families were the three most commonly used malware variants on the company’s threat index, collectively accounting for 39% of all attacks globally in February.

However, Conficker and Sality were only in seventh and eighth position on the index in Australia, while Australia and New Zealand together accounted for over 20% of the global Torpig botnet detections in February.

The company’s research also revealed the most prevalent mobile malware during February 2016, with attacks against Android devices once again significantly more common than attacks against iOS.

The top three mobile malware families on the threat index were:

HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and enables additional malicious activity such as installing a keylogger, stealing credentials and bypassing encrypted email containers used by enterprises.

AndroRAT – Malware that is able to pack itself with a legitimate mobile application and install without the user’s knowledge, allowing a hacker full remote control of an Android device.

Xinyin – Observed as a Trojan-Clicker that performs click fraud on Chinese ad sites.

For the first time, malware targeting mobiles was one of the top 10 most prevalent attack types, with the previously unknown HummingBad agent being the seventh most common malware detected targeting corporate networks and devices.

HummingBad targets Android devices, establishing a persistent rootkit, installing fraudulent apps and enabling malicious activity such as installing a keylogger, stealing credentials and bypassing the encrypted email containers used by enterprises, with the aim of intercepting corporate data.

Nathan Shuchami, Head of Threat Prevention at Check Point, said the rapid rise in attacks using HummingBad highlights the real and present danger posed to business networks by unsecured mobile devices and the malware that targets them.

“Controlling one device is fun, but controlling an army of devices is a real money-maker. Botnets are getting bigger and more well-orchestrated, giving hackers a range of malicious capabilities from massive spamming schemes and heavy DDoS attacks to cryptocurrency mining.”

“Organisations must start to protect their mobile devices with the same robust security as traditional PCs and networks as a matter of urgency.

“With the range of attack vectors open to hackers, adopting a holistic approach to security that includes mobile devices is critical in protecting both corporate networks and sensitive business data.”

In Australia, for example, malware has recently affected the big four banks’ mobile apps, and although Android will continue to be a security concern, it is anticipated that consumers will experience more attacks on iOS because iPhones and iPads continue to gain popularity globally, making them prime, high-value targets for cybercriminals.

David De Laine, Regional Managing Director, ANZ, Check Point, says it really is only a matter of time before cybercriminals climb over the App Store’s walled garden with APTs that utilise exploit packs to achieve privilege escalations, gaining full control over the attacked device.

“Android malware will also become even more evasive.

“We’ll start seeing steganographic methods being used in the wild, like decoding executable payloads from strings hidden in image files.

“Stealth methods like this (in combination with obfuscation capabilities of off-the-shelf packers and custom encryption) will get much more complicated in 2016 as detection methods get smarter and become more accurate.

“On top of these risks, we’ll experience a trend of cybercriminals using advanced techniques to not only take over and control individual devices but groups of multiple devices.”
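The steganographic evasion De Laine predicts can be checked for directly. The script below is an added example, not code from the article or from Check Point: it builds constructed sample PNG images in memory and scans them for the two simplest places a payload hides in an image file, bytes appended after the IEND chunk (decoders stop reading at IEND, so the picture still displays) and an executable encoded as a base64 string inside a tEXt chunk, which is the "strings hidden in image files" pattern the quote describes. The PNG builder, the fake DEX/ELF payloads and the 64-character threshold are assumptions of the example; a real dropper would usually encrypt the payload as well, so this catches only the unencrypted form.

```python
"""Added example: find payloads hidden inside PNG images.

Two simple hiding techniques are checked: bytes appended after the IEND
chunk (ignored by image decoders) and an executable encoded as a base64
string inside a tEXt chunk.  All sample images below are constructed in
memory for the example; nothing is read from disk.
"""
import base64
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic bytes of payload formats an Android dropper would carry
# (assumption for the example: the payload is not additionally encrypted).
EXEC_MAGIC = (b"\x7fELF", b"dex\n", b"PK\x03\x04")


def _chunk(ctype, body):
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(text_chunks=(), trailer=b""):
    """Build a valid 1x1 grey PNG, optionally with tEXt chunks and bytes
    appended after IEND.  Used only to construct sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grey
    scanline = b"\x00\x00"  # filter type 0 + one pixel
    png = PNG_SIG + _chunk(b"IHDR", ihdr)
    for key, value in text_chunks:
        png += _chunk(b"tEXt", key + b"\x00" + value)
    png += _chunk(b"IDAT", zlib.compress(scanline)) + _chunk(b"IEND", b"")
    return png + trailer


def parse_chunks(data):
    """Walk the chunk list up to IEND.  Returns ([(type, body, crc_ok)], trailer)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    chunks = []
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:
            break  # truncated chunk: stop, everything from here is trailer
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        chunks.append((ctype, body, crc == (zlib.crc32(ctype + body) & 0xFFFFFFFF)))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, data[pos:]


def decodes_to_executable(value, min_len=64):
    """True if a text value is a base64 string that decodes to ELF/DEX/ZIP."""
    if len(value) < min_len:
        return False
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return decoded[:4] in EXEC_MAGIC


def scan_png(data):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    chunks, trailer = parse_chunks(data)
    for ctype, body, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if not crc_ok:
            findings.append(f"bad CRC on {name} chunk")
        if ctype == b"tEXt":
            key, _, value = body.partition(b"\x00")
            if decodes_to_executable(value):
                findings.append(f"executable encoded in {name} chunk {key.decode('latin-1')!r}")
    if trailer:
        findings.append(f"{len(trailer)} bytes after IEND (magic {trailer[:4]!r})")
    return findings


# Constructed samples: a clean image, a benign comment, a fake DEX hidden as
# a base64 string in a tEXt chunk, and a fake ELF appended after IEND.
FAKE_DEX = b"dex\n035\x00" + bytes(120)
SAMPLE_CLEAN = make_png()
SAMPLE_COMMENT = make_png(text_chunks=[(b"Comment", b"Created with GIMP")])
SAMPLE_TEXT_HIDDEN = make_png(text_chunks=[(b"Comment", base64.b64encode(FAKE_DEX))])
SAMPLE_TRAILER = make_png(trailer=b"\x7fELF" + bytes(32))

if __name__ == "__main__":
    for label, img in [("clean", SAMPLE_CLEAN), ("comment", SAMPLE_COMMENT),
                       ("text-hidden", SAMPLE_TEXT_HIDDEN), ("trailer", SAMPLE_TRAILER)]:
        print(label, scan_png(img) or "no findings")
```

Run as a script it prints the findings for each sample; in practice you would run scan_png over the image assets unpacked from an APK (the res/ and assets/ directories) and pull any sample with a finding for manual analysis. Data after IEND is also written by some legitimate tools, so treat it as a triage signal rather than a verdict.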

In February the research ranked Australia 82nd and New Zealand 62nd on its list of the 117 riskiest countries in the world. Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time.

The Threat Map is powered by ThreatCloud intelligence, the largest collaborative network to fight cybercrime.

It delivers threat data and attack trends from a global network of threat sensors with over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

The top three most commonly used malware variants and their definitions are:

Conficker – Machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.

Sality – Virus that allows its operator to perform remote operations and download additional malware to infected systems. Its main goal is to persist in a system and provide the means for remote control and for installing further malware.

Dorkbot – IRC-based worm designed to allow remote code execution by its operator, as well as to download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.