
Ransomware Attacks ‘Double’ As Nation State Weapons Fall Into Hands Of Hackers

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

Grim reading… Malware is growing, adware mutating, and sophisticated ‘nation state’ tools are being used by low-level hackers

Security specialist Check Point has painted a fairly grim picture of the cyber security landscape in its latest ‘Cyber Attack Trends: Mid-Year’ report.

It revealed that ransomware attacks have doubled in the first six months of 2017; adware is mutating; and because of leaks, nation-state cyber weapons and exploits are falling into the hands of regular hackers.

The security specialist has also launched a new online platform dubbed ‘Check Point Research’. This platform will provide security specialists with access to Check Point’s cyber threat intelligence insights.


Malware Trends

The Check Point report examined the state of the cyber security market from January to June 2017.

It revealed that ransomware attacks in the Americas, Europe, Middle East and Africa (EMEA) were nearly double those detected in the first six months of 2016 – from an average of 26 percent to an average of 48 percent of the three main attack categories worldwide.

“Organisations are struggling to effectively counteract the abundance of threats now in play,” commented Maya Horowitz, Threat Intelligence Group Manager at Check Point. “Hackers are making malware more sophisticated, and so the ability for unskilled hackers to inflict damage has risen dramatically.”

Furthermore, the research found that in the first half of 2017, 23.5 percent of organisations were impacted by the RoughTed malvertising campaign.

Meanwhile 19.7 percent of organisations were impacted by the Fireball malware.

Check Point revealed in June that the Chinese malware dubbed ‘Fireball’ had infected at least 250 million computers worldwide. Once the malware infects a computer (both Windows PCs and Apple Macs) it takes over the machine’s web browser and turns it into a zombie client.

According to Check Point, the Fireball malware led to a major change in the approach to stopping adware, especially adware owned by massive, seemingly-legitimate organisations. But the report also found that mobile adware botnets continue to expand and dominate the mobile malware arena.

And just as security experts have previously warned, the leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods means that any potential hacker can carry out sophisticated attacks.

The ‘WannaCrypt’ or ‘WannaCry’ ransomware, for example, is believed to have stemmed from exploit tools stolen from the National Security Agency (NSA) in January by notorious hacker group ‘ShadowBrokers’.

Microsoft President Brad Smith has previously slammed the NSA for the “stockpiling of vulnerabilities”.


Other Threats

“2017 is shedding light on a new trend – simple, yet highly effective malware families are causing rapid destruction globally,” says the report. “The samples are distributed by unknown threat actors, yet wield high-end attack tools and techniques developed by elite nation-state actors.

“In addition, massive theft operations, such as the infamous Shadow Brokers leak of tools allegedly developed by the … NSA, have led to some of the world’s most sophisticated malware ending up in the hands of unskilled attackers.”

Meanwhile the Check Point report also revealed other threats, after it detected new methods for exploiting Microsoft Office files, which no longer require victims to open the door for the attackers by enabling macros.

Another threat concerns the banking sector, where attackers have combined open-sourced banking malware code with complex obfuscation techniques to successfully (and repeatedly) bypass protections, making it difficult to detect.

“With all the cyber threats in circulation, many organisations still do not have the right security defenses in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” warned Check Point’s Horowitz.
