Nmedia - Fotolia

Cyber criminals command top-level attacks, warns Check Point

Businesses need to rethink cyber defences with nation-state attack tools in the hands of ordinary cyber criminals, warns Check Point

The widespread use of powerful cyber attack tools is a top trend to emerge in the first half of 2017, according to the latest cyber attack report from security firm Check Point.

The leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods now enables any potential hacker to carry out sophisticated attacks.

This was illustrated by the WannaCry and NotPetya attacks, which both used exploits believed to have been developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.

In March, thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and smart TVs were also released.

However, Check Point researchers observed a reverse trend in the CIA case, with some of the code used by the CIA to hack into mobile devices being borrowed from mainstream malware.

The key takeaway for users, the report said, is that all cyber threats are related, regardless of where they originate.

Surge in ransomware attacks

A related trend is the surge in ransomware in the first half of 2017, although, mainly due to the fact that the Americas were largely unaffected by WannaCry, it was not responsible for the highest number of attacks.

Globally, 22% of organisations were hit by CryptoWall, followed by WannaCry (18%), Jaff (15%) and Locky (10%).

All cyber threats are related, regardless of where they originate
Check Point cyber attack report

On average, attacks by the top three ransomware types almost doubled compared with the first half of 2016, increasing from an average of 26% to an average of 48%.

In the Americas and Europe, the Middle East and Africa, ransomware accounted for more than half of the malware detected.

Evolving cyber threats

The second major trend highlighted in the report was that the line between adware and malware is fading, and mobile botnets are on the rise.

The Fireball malware, a browser hijacker that is primarily meant to push advertisements, was also found to be capable of executing any arbitrary code on a victim’s machine.

This discovery has led to a major change in the approach to stop adware, especially adware owned by large, seemingly legitimate organisations, the report said.

In parallel, mobile adware botnets also continue to expand and dominate the mobile malware arena. In the first half of 2017, Check Point witnessed a persistent rise in the spread and technical capabilities of mobile adware botnets, the report said.

A third major trend in the first half of 2017 was the evolution of macro-based downloaders, the report said, with new methods for exploiting Microsoft Office files being detected. These methods no longer require victims to open the door for the attackers by enabling macros.

A new wave of mobile bankers was the fourth trend identified by the report. Researchers observed that cyber attackers combined open sourced banking malware code with complex obfuscation techniques to bypass protections successfully and repeatedly, making attacks difficult to detect.

The most prevalent malware families in the first half of the year were malvertising campaign RoughTed (23.5%), Fireball (19.7%), the Kelihos botnet used for bitcoin theft (10.4%) and CryptoWall (7.9%).

So far in 2017, almost 25% of all organisations globally have been affected by the RoughTed malvertising campaign.

Choose prevention over detection

“Organisations are struggling to effectively counteract the abundance of threats now in play. Hackers are making malware more sophisticated, so the ability for unskilled hackers to inflict damage has risen dramatically,” said Maya Horowitz, threat intelligence group manager at Check Point.

“With all the cyber threats in circulation, many organisations still do not have the right security defences in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” she said.

“Many organisations are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place”
Maya Horowitz, Check Point

According to the report, the latest trends show malware being reconfigured to be far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage.

However, even these types of sophisticated attacks could have been prevented if enterprises had used security controls and techniques such as proper network segmentation, threat emulation, threat extraction and endpoint security.

“With the all the news highlighting cyber risks these days, it’s shocking only 1% of organisations have implemented the necessary solutions to proactively prevent these types of attacks,” the report said, adding that many organisations are still relying on point solutions to address individual problems, leading to gaps in their cyber defences.

“It’s time to change the course of action and apply a new architecture focused on prevention rather than detection,” the report said.

At the same time as releasing the report, the security firm announced the launch of an online platform, Check Point Research, aimed at providing cyber threat intelligence insights to the threat intelligence community. 

The platform will share original Check Point research, top trends in the cyber security space and details on the current threat landscape, the company said.

Read more about malware

Read more on Hackers and cybercrime prevention