Check Point Press Releases

Exploit Kits Surge Worldwide as Rig EK Climbs to Second Place in Check Point’s ‘Most Wanted’ Malware

After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point


San Carlos, CA  —  Fri, 14 Apr 2017

Check Point® Software Technologies Ltd. (NASDAQ: CHKP) has revealed a massive uplift in Exploit Kit usage by cybercriminals worldwide, with Rig reaching second place in the company’s March Global Threat Impact Index.

Exploit Kits, which are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code, have been in decline since a high point in May 2016, following the demise of the leading Angler and Nuclear variants.  However, March saw the Rig EK surge up the rankings, being the second most-used malware worldwide throughout the period. The Terror Exploit Kit also increased dramatically in usage in March, and was just one place from making it into the monthly top ten list.

Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript, which then checks for vulnerable plug-ins and delivers the exploit. Terror was first detected at the start of December 2016, and contained eight different operational exploits. Both Rig and Terror have been witnessed delivering a wide variety of threats, from ransomware and banking Trojans to spambots and BitCoin miners.

Continuing the trend seen in February, the top three malware families reveal a wide range of attack vectors and targets, which impact all stages of the infection chain. Ransomware proved one of the most profitable tools at cybercriminals’ disposal throughout 2016, and with popular Exploit Kits now being used to deliver it, the threat shows no sign of dying down.

The most common malware in March were HackerDefender and Rig EK in first and second place, each impacting 5% of organizations worldwide, followed by Conficker and Cryptowall, each impacting 4% of organizations worldwide.

March 2017’s Top 3 ‘Most Wanted’ Malware:

*The arrows relate to the change in rank compared to the previous month.

  1. ↑ HackerDefender – User-mode Rootkit for Windows, can be used to hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
  2. ↑ Rig EK – Exploit Kit first introduced in 2014. Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
  3. ↑ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.

In mobile malware, the top two families remained the same as in February, while Ztorg climbed back into the top three.

Top 3 ‘Most Wanted’ mobile malware:

  1. Hiddad – Android malware which repackages legitimate apps and then released them to a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
  2. Hummingbad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
  3. Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Nathan Shuchami, VP of Emerging Products at Check Point commented: “The dramatic resurgence of Exploit Kits in March illustrates that older threats don’t disappear forever – they simply go dormant and can be quickly redeployed.  It is always easier for malicious hackers to revisit and amend existing malware families and threat types rather than develop brand new ones, and Exploit Kits are a particularly flexible and adaptable threat type.  To deal with the threat from Rig, Terror and other Exploit Kits, organizations need to deploy advanced security systems across the entire network, such as Check Point’s SandBlast™ Zero-Day Protection and Mobile Threat Prevention.”

The ThreatCloud AI Map is powered by Check Point’s ThreatCloud AITM intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud AI database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

* The complete list of the top 10 malware families in March can be found on the Check Point Blog: March’s ‘Most Wanted’ Malware List: Exploit Kits Rise Again in Popularity

Check Point’s Threat Prevention Resources are available at:  /threat-prevention-resources/index.html

Follow Check Point via:
Twitter: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: https://blog.checkpoint.com
YouTube: https://www.youtube.com/user/CPGlobal
LinkedIn:https://www.linkedin.com/company/check-point-software-technologies

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.

 

×
  Feedback
Questo sito web utilizza cookies per la sua funzionalità e per scopi di analisi e marketing. Continuando a utilizzare questo sito Web, accetti l'utilizzo dei cookies. Per ulteriori informazioni, leggere la nostra Informativa sui cookie.
OK