While South Africa improved its global ranking in the latest Check Point Software Technologies Threat Index, the number of active global malware families increased by 15% in May 2016.
South Africa ended May ranked 61st in the world, according to the Global Threat Index, an improvement of 36 places and a far cry from April 2016 that saw the country ranking 25th. There are 112 countries on the overall Index.
Globally, Check Point detected 2 300 unique and active malware families attacking business networks in May. It was the second month running Check Point has observed an increase in the number of unique malware families, having previously reported a 50% increase from March to April.
The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information.
Notable findings include:
* While Virut was the most commonly used malware in the period, banking malware Trojan Tinba became the fifth most prevalent form of infection last month in South Africa, allowing hackers to steal victim’s credentials using web-injects, activated as users try to log-in to their banking website. Tinba ranked second in the overall international threat list.
* Attacks against mobile devices also remained constant as Android malware HummingBad persisted in the overall top 10 of malware attacks in South Africa during the period. Despite only being discovered by Check Point researchers in February, it has rapidly become commonly used; indicating hackers view Android mobile devices as weak spots in enterprise security and as potentially high reward targets.
“This is a significant improvement in South Africa’s global ranking on the Threat Index, but also reflects a large degree of volatility in the month-to-month rankings,” says Doros Hadjizenonos, country manager at Check Point Software Technologies South Africa. “Check Point continues to see a substantial escalation in the number of families of active malware attacking business networks. We feel this reflects the considerable effort hackers and cybercriminals are putting into new attack methods.
“South African companies must remain cognizant of the sheer scale of the threat facing them from malware, and invest accordingly in securing their networks using advanced threat prevention measures on all devices, as well as networks and endpoints.”
In May, Virut was the top malware threat in South Africa. Dnschanger and Conficker were the second and third top threats in South Africa during the month. Internationally, Conficker was the most prominent malware family, accounting for 14% of recognised attacks.
Virut is one of the top malware and botnet distributors in the Internet, and uses DDoS attacks, spam distribution, data theft and fraud methods. Spread through executables originating from infected devices, Virut alters the local host files and opens a backdoor to remote attackers via an IRC channel.
Dnschanger is a backdoor targeting Windows platform, this malware is often distributed by Mamba, another malware. It changes DNS settings by replacing the name server, and survives reboots by creating a scheduled task that runs daily.
Conficker is a worm that allows remote operations, malware downloads, and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its command and control server to receive instructions.
Mobile malware families continued to pose a significant threat to business mobile devices during May with six entries into the global list of top 100 overall malware families. Most of these targeted Android, but in a continuation of the trend seen in April several targeted iOS. South Africa’s top mobile-specific threat was Hummingbad.
HummingBad is Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a keylogger, stealing credentials and bypassing encrypted email containers used by enterprises.