Cyber Criminals Have Access To Weapons Grade Hacking Tools

Businesses need to rethink cyber defences with nation-state attack tools in the hands of ordinary cyber criminals, warns CheckPoint

The leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods now enables any potential hacker to carry out sophisticated attacks.

This was illustrated by the WannaCry and NotPetya attacks, which both used exploits believed to have been developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.

In March, thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and smart TVs were also released. However, Check Point researchers observed a reverse trend in the CIA case, with some of the code used by the CIA to hack into mobile devices being borrowed from mainstream malware.

The key takeaway for users, the report said, is that all cyber threats are related, regardless of where they originate.

Surge in ransomware attacks

A related trend is the surge in ransomware in the first half of 2017, although, mainly due to the fact that the Americas were largely unaffected by WannaCry, it was not responsible for the highest number of attacks.

Globally, 22% of organisations were hit by CryptoWall, followed by WannaCry (18%), Jaff (15%) and Locky (10%).

On average, attacks by the top three ransomware types almost doubled compared with the first half of 2016, increasing from an average of 26% to an average of 48%.
In the Americas and Europe, the Middle East and Africa, ransomware accounted for more than half of the malware detected.

Evolving Cyber Threats

The second major trend highlighted in the report was that the line between adware and malware is fading, and mobile botnets are on the rise.

The Fireball malware, a browser hijacker that is primarily meant to push advertisements, was also found to be capable of executing any arbitrary code on a victim’s machine.

This discovery has led to a major change in the approach to stop adware, especially adware owned by large, seemingly legitimate organisations, the report said.

In parallel, mobile adware botnets also continue to expand and dominate the mobile malware arena. In the first half of 2017, Check Point witnessed a persistent rise in the spread and technical capabilities of mobile adware botnets, the report said.

A third major trend in the first half of 2017 was the evolution of macro-based downloaders, the report said, with new methods for exploiting Microsoft Office files being detected. These methods no longer require victims to open the door for the attackers by enabling macros.

A new wave of mobile bankers was the fourth trend identified by the report. Researchers observed that cyber attackers combined open sourced banking malware code with complex obfuscation techniques to bypass protections successfully and repeatedly, making attacks difficult to detect.

The most prevalent malware families in the first half of the year were Malvertising campaign RoughTed (23.5%), Fireball (19.7%), the Kelihos botnet used for bitcoin theft (10.4%) and CryptoWall (7.9%).

So far in 2017, almost 25% of all organisations globally have been affected by the RoughTed Malvertising campaign.

Choose Prevention over Detection

“Organisations are struggling to effectively counteract the abundance of threats now in play. Hackers are making malware more sophisticated, so the ability for unskilled hackers to inflict damage has risen dramatically,” said Maya Horowitz, threat intelligence group manager at Check Point.

“With all the cyber threats in circulation, many organisations still do not have the right security defences in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” she said.

According to the report, the latest trends show malware being reconfigured to be far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage.

However, even these types of sophisticated attacks could have been prevented if enterprises had used security controls and techniques such as proper network segmentation, threat emulation, threat extraction and endpoint security.

“With the all the news highlighting cyber risks these days, it’s shocking only 1% of organisations have implemented the necessary solutions to proactively prevent these types of attacks,” the report said, adding that many organisations are still relying on point solutions to address individual problems, leading to gaps in their cyber defences.

“It’s time to change the course of action and apply a new architecture focused on prevention rather than detection,” the report said.

At the same time as releasing the report, the security firm announced the launch of an online platform, Check Point Research, aimed at providing cyber threat intelligence insights to the threat intelligence community.
 
The platform will share original Check Point research, top trends in the cyber security space and details on the current threat landscape, the company said.

Computer Weekly

You Might Also Read:

What Is A Good Cyber Strategy?:

Cyber Security Checklist For Management (£)

 

 

« Android Apps With Spy Software
Hackers Target The Shipping Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.

Cyber Guru

Cyber Guru

Cyber Guru is an effective cybersecurity awareness training platform, enabling organisations to increase their resistance to cyber-attacks by changing employee behaviour.