Cyber Criminals Have Access To Weapons Grade Hacking Tools

Uploaded on 2017-08-29 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, TECHNOLOGY--Hackers

Businesses need to rethink cyber defences with nation-state attack tools in the hands of ordinary cyber criminals, warns CheckPoint

The leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods now enables any potential hacker to carry out sophisticated attacks.

This was illustrated by the WannaCry and NotPetya attacks, which both used exploits believed to have been developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.

In March, thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and smart TVs were also released. However, Check Point researchers observed a reverse trend in the CIA case, with some of the code used by the CIA to hack into mobile devices being borrowed from mainstream malware.

The key takeaway for users, the report said, is that all cyber threats are related, regardless of where they originate.

Surge in ransomware attacks

A related trend is the surge in ransomware in the first half of 2017, although, mainly due to the fact that the Americas were largely unaffected by WannaCry, it was not responsible for the highest number of attacks.

Globally, 22% of organisations were hit by CryptoWall, followed by WannaCry (18%), Jaff (15%) and Locky (10%).

On average, attacks by the top three ransomware types almost doubled compared with the first half of 2016, increasing from an average of 26% to an average of 48%.
In the Americas and Europe, the Middle East and Africa, ransomware accounted for more than half of the malware detected.

Evolving Cyber Threats

The second major trend highlighted in the report was that the line between adware and malware is fading, and mobile botnets are on the rise.

The Fireball malware, a browser hijacker that is primarily meant to push advertisements, was also found to be capable of executing any arbitrary code on a victim’s machine.

This discovery has led to a major change in the approach to stop adware, especially adware owned by large, seemingly legitimate organisations, the report said.

In parallel, mobile adware botnets also continue to expand and dominate the mobile malware arena. In the first half of 2017, Check Point witnessed a persistent rise in the spread and technical capabilities of mobile adware botnets, the report said.

A third major trend in the first half of 2017 was the evolution of macro-based downloaders, the report said, with new methods for exploiting Microsoft Office files being detected. These methods no longer require victims to open the door for the attackers by enabling macros.

A new wave of mobile bankers was the fourth trend identified by the report. Researchers observed that cyber attackers combined open sourced banking malware code with complex obfuscation techniques to bypass protections successfully and repeatedly, making attacks difficult to detect.

The most prevalent malware families in the first half of the year were Malvertising campaign RoughTed (23.5%), Fireball (19.7%), the Kelihos botnet used for bitcoin theft (10.4%) and CryptoWall (7.9%).

So far in 2017, almost 25% of all organisations globally have been affected by the RoughTed Malvertising campaign.

Choose Prevention over Detection

“Organisations are struggling to effectively counteract the abundance of threats now in play. Hackers are making malware more sophisticated, so the ability for unskilled hackers to inflict damage has risen dramatically,” said Maya Horowitz, threat intelligence group manager at Check Point.

“With all the cyber threats in circulation, many organisations still do not have the right security defences in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” she said.

According to the report, the latest trends show malware being reconfigured to be far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage.

However, even these types of sophisticated attacks could have been prevented if enterprises had used security controls and techniques such as proper network segmentation, threat emulation, threat extraction and endpoint security.

“With the all the news highlighting cyber risks these days, it’s shocking only 1% of organisations have implemented the necessary solutions to proactively prevent these types of attacks,” the report said, adding that many organisations are still relying on point solutions to address individual problems, leading to gaps in their cyber defences.

“It’s time to change the course of action and apply a new architecture focused on prevention rather than detection,” the report said.

At the same time as releasing the report, the security firm announced the launch of an online platform, Check Point Research, aimed at providing cyber threat intelligence insights to the threat intelligence community.
 
The platform will share original Check Point research, top trends in the cyber security space and details on the current threat landscape, the company said.

Computer Weekly

You Might Also Read:

What Is A Good Cyber Strategy?:

Cyber Security Checklist For Management (£)

 

 

« Android Apps With Spy Software
Hackers Target The Shipping Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

SafeHouse Technologies

SafeHouse Technologies

SafeHouse is a cloud-based, high-end cybersecurity platform that can secure and insure any device that is connected to it.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.