New threat rears its head in new malware report

14 Feb 2019

Cybersecurity solutions provider Check Point has published its latest Global Threat Index for January 2019.

The index reveals a new backdoor Trojan affecting Linux servers, which is distributing the XMRig crypto-miner.

The new malware, dubbed SpeakUp, is capable of delivering any payload and executing it on compromised machines.

The new Trojan currently evades all security vendors’ antivirus software.

It has been propagated through a series of exploitations based on commands it receives from its control centre, including the 8th most popular exploited vulnerability, “Command Injection over HTTP”.

Check Point’s researchers view SpeakUp as a significant threat, as it can be used to download and spread any malware.

In January, the top 4 most prevalent malware variants were cryptominers.

Coinhive remains the top malware, impacting 12% of organisations worldwide.

XMRig was once again the second most prevalent malware with a global impact of 8%, followed by Cryptoloot miner with an impact of 6% of organisations globally.

While there are four cryptominers in January’s index, half of all malware forms in the top ten can be used to download further malware to infected machines.

Check Point threat intelligence group manager Maya Horowitz says, “While January saw little change in the malware forms aimed at enterprises worldwide, we are beginning to see new ways to distribute malware.

“Threats like these are a stark warning of bigger threats to come. Backdoors like SpeakUp can evade detection and then distribute further, potentially more dangerous malware to compromised machines.

Horowitz adds, “Since Linux is used extensively in enterprise servers, we expect SpeakUp will be a threat that will grow in scale and severity throughout the year.”

January 2019’s Top 3 ‘Most Wanted’ Malware:

*The arrows relate to the change in rank compared to the previous month.

1. ↔ Coinhive - Crypto miner designed to perform online mining of the Monero cryptocurrency when a user visits a web page, without the user's knowledge or approval and without sharing the profits with the user. The implanted JavaScript uses a great deal of the computational resources of end users’ machines to mine coins, and may crash the system.

2. ↔ XMRig - Open-source CPU mining software used for mining the Monero cryptocurrency, first seen in the wild in May 2017.

3. ↑ Cryptoloot - Crypto miner that uses the victim’s CPU or GPU power and existing resources for crypto mining, adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug out from under it by asking websites for a smaller percentage of revenue.

Hiddad, the modular backdoor for Android which grants privileges to downloaded malware, has replaced Triada in first place in the top mobile malware list.

Lotoor follows in second place, while Triada has fallen to third place.

January’s Top 3 ‘Most Wanted’ Mobile Malware:

1. Hiddad - Modular backdoor for Android which grants superuser privileges to downloaded malware and helps it become embedded in system processes.

2. Lotoor - Hack tool that exploits vulnerabilities in the Android operating system in order to gain root privileges on compromised mobile devices.

3. Triada - Modular backdoor for Android which grants superuser privileges to downloaded malware and helps it become embedded in system processes. Triada has also been seen spoofing URLs loaded in the browser.

Check Point researchers also analysed the most exploited cyber vulnerabilities.

CVE-2017-7269 remained in first place with a global impact of 47%.

Following closely behind, Web Server Exposed Git Repository Information Disclosure was in second place and OpenSSL TLS DTLS Heartbeat Information Disclosure followed in third, impacting 46% and 45% of organisations around the world respectively.

January’s Top 3 ‘Most Exploited’ vulnerabilities:

1. ↔ Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) - By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause denial of service conditions on the target server. This is mainly due to a buffer overflow vulnerability resulting from improper validation of a long header in an HTTP request.

2. ↑ Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported for Git repositories exposed on web servers. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.

3. ↓ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.
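The third entry comes down to a missing bounds check on the heartbeat message body (type byte, 16-bit payload_length, payload, at least 16 bytes of padding, per RFC 6520). The following Python parser is an added example, not code from Check Point or the report, and shows the check a hardened implementation performs before trusting the sender-supplied length; the function names and the sample records are constructed for illustration.

```python
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16     # RFC 6520: at least 16 bytes of padding follow the payload
HEADER_LEN = 1 + 2   # type byte + 16-bit payload_length


def parse_heartbeat(body: bytes) -> dict:
    """Parse the body of a TLS/DTLS heartbeat record.

    The sender-supplied payload_length is validated against the number of
    bytes actually received (with room for the mandatory padding) before any
    payload is copied, which is the check the vulnerable OpenSSL versions
    lacked. Malformed messages raise ValueError and are never echoed back.
    """
    if len(body) < HEADER_LEN + MIN_PADDING:
        raise ValueError("heartbeat body too short")
    hb_type = body[0]
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError(f"unknown heartbeat type {hb_type}")
    (payload_length,) = struct.unpack("!H", body[1:3])
    if HEADER_LEN + payload_length + MIN_PADDING > len(body):
        raise ValueError("payload_length exceeds received record; discarding")
    payload = body[HEADER_LEN:HEADER_LEN + payload_length]
    return {"type": hb_type, "payload": payload}


def build_heartbeat(hb_type: int, payload: bytes) -> bytes:
    """Encode a well-formed heartbeat body (helper constructed for this example)."""
    return bytes([hb_type]) + struct.pack("!H", len(payload)) + payload + b"\x00" * MIN_PADDING


def is_well_formed(body: bytes) -> bool:
    """Boolean wrapper, e.g. for flagging captured heartbeat records in monitoring."""
    try:
        parse_heartbeat(body)
        return True
    except ValueError:
        return False


# Constructed samples: a legitimate request, and one whose length field claims
# far more payload than the record carries (the shape the vulnerability abused).
GOOD = build_heartbeat(HEARTBEAT_REQUEST, b"hello")
BAD = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 16384) + b"hello" + b"\x00" * MIN_PADDING

if __name__ == "__main__":
    print(parse_heartbeat(GOOD))   # {'type': 1, 'payload': b'hello'}
    print(is_well_formed(BAD))     # False
```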

Check Point’s ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
