Namibia was the country most targeted by cybercriminals during December 2015, after being second-most attacked in November.
Check Point Software Technologies reveals that seven African countries appeared among the top 20 most-attacked nations (out of 142). These include Malawi (6), Cameroon (8), Tunisia (11), Mauritius (12), Botswana (13) and Nigeria (17). Kenya appears at number 44 while South Africa dropped from 63rd position in November to 67th in December.
Check Point also reveals that the risk of an organisation being infected by malware increased by 17% in December, while the number of active malware families increased by 25%.
Based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time, Check Point identified more than 1 500 different active malware families during December, up from 1 200 in the previous month. The trend highlights the rising threat levels that businesses face in protecting their networks.
As with previous months, Conficker remained the most prevalent malware type, accounting for 25% of all known attacks during the period – significantly higher than second-placed Sality, which accounted for 9% of attacks. Conficker, and the third-placed Necurs variant, focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.
The top ten malware families accounted for 60% of the total recognised attacks in December, with the three most prevalent being:
* Conficker – accounted for 25% of all recognised attacks; machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.
* Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
* Necurs – Used as a backdoor to download additional malware onto the infected machine, while disabling security services on the host to avoid detection.
While South African organisations were targeted by all three malware families, their biggest vulnerability came from Virut, a botnet used for DDoS attacks, spam, fraud, data theft and pay-per-install activities. It is spread through infected USB sticks and other media and through compromised HTML files.
Doros Hadjizenonos, country manager of Check Point South Africa, comments: “The fact that malware is entering South African organisations through infected devices and compromised websites makes it even more crucial that businesses use threat extraction and sandboxing tools to remove malware before it enters the network. Equally important is fostering a culture of security among staff, as humans are often the weakest link in the security chain. Rather than just blocking staff from accessing certain websites, for example, they should be told why they are being blocked and what could happen if they choose to access the website anyway.”
Check Point’s research also revealed the most prevalent mobile malware during December 2015, and once again attacks against Android devices were significantly more common than attacks against iOS. The top three mobile malware were:
* Xinyin – Observed as a Trojan-Clicker that performs Click Fraud on Chinese ad sites.
* AndroRAT – Malware that is able to pack itself with a legitimate mobile application and install without users’ knowledge, allowing a hacker full remote control of an Android device.
* Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.
“The increase in active malware during December highlights the severity of the threat posed to organisations’ networks and sensitive data. As a result, organisations should be pushing cyber-security to the top of their agendas for 2016, as cyber-criminals continually find new ways to attack networks, so that they can be equally relentless in robustly securing their networks,” Hadjizenonos says.
The ThreatCloud Map is powered by Check Point’s ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.