During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations’ networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business critical information.
Conficker remained the most commonly used malware in June, while the HummingBad mobile malware returned to the overall top-three threats across all platforms globally. In a detailed research report, Check Point revealed 85 million devices globally are infected by HummingBad, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it – highlighting how hackers are increasingly targeting mobile devices.
In June, Conficker accounted for 14 percent of recognized attacks for the second month running; while second-placed Sality accounted for 10 percent and third-placed HummingBad for 6 percent of all attacks. The top-10 families were responsible for 50 percent of all recognized attacks.
Mobile malware families continued to pose a significant threat to businesses mobile devices during June with the top three remaining unchanged. The top-three mobile families were:
1. ? HummingBad - Android malware that has infected 85 million mobile devices globally to generate fraudulent advertising revenue. HummingBad establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger and stealing credentials.
2. ? Iop - Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.
3. ? XcodeGhost - A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.
“The sustained, significant increase in the number of active malware families targeting business networks during the first half of 2016 highlights the escalating threat levels that organizations are currently facing,” said Nathan Schuchami, head of threat prevention, Check Point “Hackers are putting extensive effort into creating new, sophisticated malware families to defraud companies and steal data. Organizations need advanced threat prevention measures on their networks, endpoints and mobile devices to stop these threats before they fall victim to them.”