Ransomware, 'malvertising' and cryptominers dominate cyber threat landscape

By , Portals editor
South Africa, 12 Feb 2018

Cyber criminals are increasingly turning to cryptominers to develop illegal revenue streams, while ransomware and 'malvertising' adware continue to impact organisations worldwide.

This is according to the H2 2017 Global Threat Intelligence Trends report, released by global cyber security solutions provider Check Point Software Technologies.

The company hosted its annual security event CPX 360 in Barcelona this week and announced the report, a detailed overview of the cyber-threat landscape in the top malware categories – ransomware, banking and mobile.

The report is based on data drawn from Check Point's ThreatCloud intelligence between July and December 2017, highlighting the key tactics cyber-criminals are using to attack businesses.

According to Check Point, during the period July to December 2017, one in five organisations were impacted by cryptomining malware, tools that enable cybercriminals to hijack the victim's CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user's CPU power.

Key malware trends in H2 last year include a cryptocurrency-miner frenzy, a decrease in exploit kits, an increase in scam operations and malspam, and mobile malware reaching enterprise level.

"While crypto-miners are commonly used by individuals to mine their own coins, the rising public interest in virtual currencies has slowed the mining process, which depends directly on the number of currency holders. This slowdown has increased the computational power needed to mine crypto-coins, which led cybercriminals to think of new ways to harness the computation resources of an unsuspecting public," reads a statement by the company.

It added that throughout 2017, the ratio between infections based on HTTP and SMTP shifted in favor of SMTP, from 55% in the first half of 2017 to 62% in the second.

"The increase in the popularity of these distribution methods attracted skilled threat actors who brought with them an advanced practice that included various exploitations of vulnerabilities in documents, especially in Microsoft Office,"

Maya Horowitz, Threat Intelligence Group Manager at Check Point, commented: "The second half of 2017 has seen crypto-miners take the world by storm to become a favourite monetising attack vector. While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware. Also, there has been a continuation of trends, such as ransomware, that date back to 2016, which is still a leading attack vector, used for both global attacks and targeted attacks against specific organisations. 25% of the attacks we saw in this period exploit vulnerabilities discovered over a decade ago, and less than 20% use ones from the last couple of years. So it's clear that there is still a lot that organisations need to do to fully protect themselves against attacks."

The company listed Locky (30%), Globeimposter (26%) and WannaCry (15%) as top ransomware during H2 last year, with Roughted (15.3%), Coinhive (8.3%) and Locky (7.9%) as top malware and Hidad (55%), Triada (8%) and Lotoor (8%) as the most significant mobile malware.

In 2017, international cyber security breaches and large-scale threats, including WannaCry, served as a stark reminder for Africa that it too is exposed to cyber threats and real risk to the enterprise.

Rick Rogers, Area Manager, Africa at Check Point, said that there is an increasing awareness among businesses across the continent of the need for protection and the growing level of threat against operations.

He said the market is growing and the company continues to emphasise the importance of training and certification with solution adoption in order for businesses to capitalise on security infrastructure.

The company's channel business in Africa is well established, said Rogers, and operates from a base in South Africa to cover SADC, Nairobi to cover Kenya and neighbouring countries, and Lagos to cover Nigeria and surrounding countries.

At the beginning of last year the company channelled business towards the North, focussing on countries like Morocco and Algeria. It has also appointed Westcon Comstor as a distributor to serve the region.
