Check Point detected 2,300 unique and active malware families attacking business networks in May. It was the second month running Check Point has observed an increase in the number of unique malware families, having previously reported a 50 percent increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information. Most notably:
· While Conficker remained the most commonly used malware in the period, banking malware Trojan Tinba became the second most prevalent form of infection last month, allowing hackers to steal victim’s credentials using web-injects, activated as users try to log-in to their banking website.
· Attacks against mobile devices also remained constant as Android malware HummingBad remained in the overall top 10 of malware attacks across all platforms globally during the period. Despite only being discovered by Check Point researchers in February, it has rapidly become commonly used; indicating hackers view Android mobile devices as weak spots in enterprise security and as potentially high reward targets.
In May, Conficker was the most prominent family accounting for 14 percent of recognized attacks; while second and third placed Tinba and Sality were responsible for 9 percent each. The top ten families were responsible for 60 percent of all recognized attacks.
1. ? Conficker - Worm that allows remote operations, malware downloads, and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
Mobile malware families continued to pose a significant threat to businesses mobile devices during May with six entries into the top 100 overall families. Most of these targeted Android, but in a continuation of the trend seen in April several targeted iOS. The top three mobile families were:
1. ? HummingBad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a keylogger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ? Iop - Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
3. ? XcodeGhost - A compromised version of the iOS developer platform Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a Command & Control server, allowing the infected app to read the device clipboard.