February 2020’s Most Wanted Malware: Increase in Exploits Spreading the Mirai Botnet to IoT Devices
March 11 2020 - 6:00AM
Check Point Research, the Threat Intelligence arm of Check Point®
Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of
cyber security solutions globally, has published its latest Global
Threat Index for February 2020.
February saw a large increase in exploits targeting a
vulnerability to spread the Mirai botnet, which is notorious for
infecting IoT devices and conducting massive DDoS attacks. The
vulnerability, known as the “PHP php-cgi Query String Parameter
Code Execution” exploit, ranked 6th in the top exploited
vulnerabilities and impacted 20% of organizations worldwide,
compared to just 2% in January 2020.
The research team is also warning organizations that Emotet, the
second most popular malware this month and the most widespread
botnet operating currently, has been spreading using two new
vectors during February. The first vector was an SMS Phishing
(smishing) campaign targeting users in the U.S.: the SMS
impersonates messages from popular banks, luring victims to click a
malicious link which downloads Emotet to their device. The second
vector is Emotet detecting and leveraging nearby Wi-Fi networks to
spread via brute force attacks using a range of commonly-used Wi-Fi
passwords. Emotet is primarily used as a distributor of
ransomware or other malicious campaigns.
Emotet impacted 7% of organizations globally in February, down
from 13% in January, when it was being spread via spam campaigns
including Coronavirus-themed campaigns. This highlights how
quickly cyber-criminals change the themes of their attacks to try
and maximise infection rates.
“As we saw in January, the most impactful threats and exploits
during February were versatile malware such as XMRig and
Emotet. Criminals seem to be aiming to build the largest
possible networks of infected devices, which they can then exploit
and monetize in a range of different ways, from ransomware delivery
to launching DDoS attacks,” said Maya Horowitz, Director, Threat
Intelligence & Research, Products at Check Point. “As the main
infection vectors are emails and SMS messages, organizations should
ensure their employees are educated about how to identify different
types of malicious spam, and deploy security that actively prevents
these threats from infecting their networks.”
Top malware families
*The arrows relate to the change in rank compared to the previous month.
This month, XMRig moved up to first place, impacting 7% of organizations globally, followed by Emotet and Jsecoin impacting 6% and 5% of organizations worldwide respectively.
- ↑ XMRig - XMRig is an open-source CPU mining software used for mining the Monero cryptocurrency, and was first seen in the wild in May 2017.
- ↓ Emotet - Emotet is an advanced, self-propagating and modular Trojan. Emotet used to be primarily a banking Trojan, but recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence, and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
- ↑ Jsecoin - Jsecoin is a web-based crypto-miner designed to perform online mining of Monero cryptocurrency when a user visits a particular web page. The implanted JavaScript uses a large amount of the end user machine's computational resources to mine coins, thus impacting system performance.
Top exploited vulnerabilities
This month, the “MVPower DVR Remote Code Execution” remained the most commonly exploited vulnerability, impacting 31% of organizations globally, closely followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure” with a global impact of 28%. In 3rd place was the “PHP DIESCAN information disclosure” vulnerability, impacting 27% of organizations worldwide.
1. ↔ MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
2. ↑ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.
3. ↔ PHP DIESCAN information disclosure - An information disclosure vulnerability has been reported in the PHP pages. Successful exploitation could lead to the disclosure of sensitive information from the server.
Top malware families - Mobile
This month xHelper retained 1st place among the most prevalent mobile malware, followed by Hiddad and Guerrilla.
1. ↔ xHelper - A malicious application seen in the wild since March 2019, used for downloading other malicious apps and displaying advertisements. The application is capable of hiding itself from the user and reinstalling itself if it is uninstalled.
2. ↑ Hiddad - Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
3. ↓ Guerrilla - Guerrilla is an Android Trojan found embedded in multiple legitimate apps and is capable of downloading additional malicious payloads. Guerrilla generates fraudulent ad revenue for the app developers.
Check Point’s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The
ThreatCloud database inspects over 2.5 billion websites and 500
million files daily, and identifies more than 250 million malware
activities every day.
The complete list of the top 10 malware families in February can
be found on the Check Point Blog.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software
customers and the greater intelligence community. The research team
collects and analyzes global cyber-attack data stored on
ThreatCloud to keep hackers at bay, while ensuring all Check Point
products are updated with the latest protections. The research team
consists of over 100 analysts and researchers cooperating with
other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security
solutions to governments and corporate enterprises globally.
Check Point’s solutions protect customers from 5th generation
cyber-attacks with an industry leading catch rate of malware,
ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”; this combined product architecture defends an enterprise’s cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive single point of control security management system. Check Point protects over 100,000 organizations of all sizes.
MEDIA CONTACT: Emilie Beneitez Lefebvre, Check Point Software Technologies, press@checkpoint.com
INVESTOR CONTACT: Kip E. Meintzer, Check Point Software Technologies, ir@us.checkpoint.com