Cyber Criminals Have Access To Weapons Grade Hacking Tools

Uploaded on 2017-08-29 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, TECHNOLOGY--Hackers

Businesses need to rethink cyber defences with nation-state attack tools in the hands of ordinary cyber criminals, warns CheckPoint

The leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods now enables any potential hacker to carry out sophisticated attacks.

This was illustrated by the WannaCry and NotPetya attacks, which both used exploits believed to have been developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.

In March, thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and smart TVs were also released. However, Check Point researchers observed a reverse trend in the CIA case, with some of the code used by the CIA to hack into mobile devices being borrowed from mainstream malware.

The key takeaway for users, the report said, is that all cyber threats are related, regardless of where they originate.

Surge in ransomware attacks

A related trend is the surge in ransomware in the first half of 2017, although, mainly due to the fact that the Americas were largely unaffected by WannaCry, it was not responsible for the highest number of attacks.

Globally, 22% of organisations were hit by CryptoWall, followed by WannaCry (18%), Jaff (15%) and Locky (10%).

On average, attacks by the top three ransomware types almost doubled compared with the first half of 2016, increasing from an average of 26% to an average of 48%.
In the Americas and Europe, the Middle East and Africa, ransomware accounted for more than half of the malware detected.

Evolving Cyber Threats

The second major trend highlighted in the report was that the line between adware and malware is fading, and mobile botnets are on the rise.

The Fireball malware, a browser hijacker that is primarily meant to push advertisements, was also found to be capable of executing any arbitrary code on a victim’s machine.

This discovery has led to a major change in the approach to stop adware, especially adware owned by large, seemingly legitimate organisations, the report said.

In parallel, mobile adware botnets also continue to expand and dominate the mobile malware arena. In the first half of 2017, Check Point witnessed a persistent rise in the spread and technical capabilities of mobile adware botnets, the report said.

A third major trend in the first half of 2017 was the evolution of macro-based downloaders, the report said, with new methods for exploiting Microsoft Office files being detected. These methods no longer require victims to open the door for the attackers by enabling macros.

A new wave of mobile bankers was the fourth trend identified by the report. Researchers observed that cyber attackers combined open sourced banking malware code with complex obfuscation techniques to bypass protections successfully and repeatedly, making attacks difficult to detect.

The most prevalent malware families in the first half of the year were Malvertising campaign RoughTed (23.5%), Fireball (19.7%), the Kelihos botnet used for bitcoin theft (10.4%) and CryptoWall (7.9%).

So far in 2017, almost 25% of all organisations globally have been affected by the RoughTed Malvertising campaign.

Choose Prevention over Detection

“Organisations are struggling to effectively counteract the abundance of threats now in play. Hackers are making malware more sophisticated, so the ability for unskilled hackers to inflict damage has risen dramatically,” said Maya Horowitz, threat intelligence group manager at Check Point.

“With all the cyber threats in circulation, many organisations still do not have the right security defences in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” she said.

According to the report, the latest trends show malware being reconfigured to be far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage.

However, even these types of sophisticated attacks could have been prevented if enterprises had used security controls and techniques such as proper network segmentation, threat emulation, threat extraction and endpoint security.

“With the all the news highlighting cyber risks these days, it’s shocking only 1% of organisations have implemented the necessary solutions to proactively prevent these types of attacks,” the report said, adding that many organisations are still relying on point solutions to address individual problems, leading to gaps in their cyber defences.

“It’s time to change the course of action and apply a new architecture focused on prevention rather than detection,” the report said.

At the same time as releasing the report, the security firm announced the launch of an online platform, Check Point Research, aimed at providing cyber threat intelligence insights to the threat intelligence community.
 
The platform will share original Check Point research, top trends in the cyber security space and details on the current threat landscape, the company said.

Computer Weekly

You Might Also Read:

What Is A Good Cyber Strategy?:

Cyber Security Checklist For Management (£)

 

 

« Android Apps With Spy Software
Hackers Target The Shipping Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.