Cyber Criminals Have Access To Weapons Grade Hacking Tools

Businesses need to rethink cyber defences with nation-state attack tools in the hands of ordinary cyber criminals, warns CheckPoint

The leak and consequent availability of key nation-state hacking tools, zero-day vulnerabilities, exploits and attack methods now enables any potential hacker to carry out sophisticated attacks.

This was illustrated by the WannaCry and NotPetya attacks, which both used exploits believed to have been developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.

In March, thousands of documents detailing the CIA’s efforts and methodologies for hacking into iPhones, Android devices and smart TVs were also released. However, Check Point researchers observed a reverse trend in the CIA case, with some of the code used by the CIA to hack into mobile devices being borrowed from mainstream malware.

The key takeaway for users, the report said, is that all cyber threats are related, regardless of where they originate.

Surge in ransomware attacks

A related trend is the surge in ransomware in the first half of 2017, although, mainly due to the fact that the Americas were largely unaffected by WannaCry, it was not responsible for the highest number of attacks.

Globally, 22% of organisations were hit by CryptoWall, followed by WannaCry (18%), Jaff (15%) and Locky (10%).

On average, attacks by the top three ransomware types almost doubled compared with the first half of 2016, increasing from an average of 26% to an average of 48%.
In the Americas and Europe, the Middle East and Africa, ransomware accounted for more than half of the malware detected.

Evolving Cyber Threats

The second major trend highlighted in the report was that the line between adware and malware is fading, and mobile botnets are on the rise.

The Fireball malware, a browser hijacker that is primarily meant to push advertisements, was also found to be capable of executing any arbitrary code on a victim’s machine.

This discovery has led to a major change in the approach to stop adware, especially adware owned by large, seemingly legitimate organisations, the report said.

In parallel, mobile adware botnets also continue to expand and dominate the mobile malware arena. In the first half of 2017, Check Point witnessed a persistent rise in the spread and technical capabilities of mobile adware botnets, the report said.

A third major trend in the first half of 2017 was the evolution of macro-based downloaders, the report said, with new methods for exploiting Microsoft Office files being detected. These methods no longer require victims to open the door for the attackers by enabling macros.

A new wave of mobile bankers was the fourth trend identified by the report. Researchers observed that cyber attackers combined open sourced banking malware code with complex obfuscation techniques to bypass protections successfully and repeatedly, making attacks difficult to detect.

The most prevalent malware families in the first half of the year were Malvertising campaign RoughTed (23.5%), Fireball (19.7%), the Kelihos botnet used for bitcoin theft (10.4%) and CryptoWall (7.9%).

So far in 2017, almost 25% of all organisations globally have been affected by the RoughTed Malvertising campaign.

Choose Prevention over Detection

“Organisations are struggling to effectively counteract the abundance of threats now in play. Hackers are making malware more sophisticated, so the ability for unskilled hackers to inflict damage has risen dramatically,” said Maya Horowitz, threat intelligence group manager at Check Point.

“With all the cyber threats in circulation, many organisations still do not have the right security defences in place, and are focusing on a detection approach rather than implementing a proactive prevention solution that would block the attacks in the first place,” she said.

According to the report, the latest trends show malware being reconfigured to be far more effective at spreading laterally throughout organisations to rapidly cause large-scale damage.

However, even these types of sophisticated attacks could have been prevented if enterprises had used security controls and techniques such as proper network segmentation, threat emulation, threat extraction and endpoint security.

“With the all the news highlighting cyber risks these days, it’s shocking only 1% of organisations have implemented the necessary solutions to proactively prevent these types of attacks,” the report said, adding that many organisations are still relying on point solutions to address individual problems, leading to gaps in their cyber defences.

“It’s time to change the course of action and apply a new architecture focused on prevention rather than detection,” the report said.

At the same time as releasing the report, the security firm announced the launch of an online platform, Check Point Research, aimed at providing cyber threat intelligence insights to the threat intelligence community.
 
The platform will share original Check Point research, top trends in the cyber security space and details on the current threat landscape, the company said.

Computer Weekly

You Might Also Read:

What Is A Good Cyber Strategy?:

Cyber Security Checklist For Management (£)

 

 

« Android Apps With Spy Software
Hackers Target The Shipping Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

CyberSec Hub

CyberSec Hub

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Two Six Technologies

Two Six Technologies

Two Six Technologies delivers R&D, innovation, productization and implementation expertise in cyber, data science, mobile, microelectronics and information operations.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

Corinium Global Intelligence

Corinium Global Intelligence

At Corinium, we have been bringing together the brightest minds in data, AI and info sec since 2013, to innovate at the intersection of technological advancements and critical thinking.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.