
Can your SASE solution block these top malware?

By Mor Ahuvia, Product Marketing Manager

Malware is a go-to tactic and essential tool for attackers. According to Check Point Research’s 2023 Cyber Security Report, 32% of cyber attacks globally are based on multipurpose malware with email as the attack vector in 86% of those attacks. The most vicious malware are wipers, whose only purpose is to cause irreversible damage and destruction. More wipers were used in 2022 than were recorded in the past 30 years.

Guard Against the Latest Malware

It pays to know your enemy. The Check Point Research 2023 report categorizes four types of malware: multipurpose malware, infostealers, cryptominers, and mobile malware, which are described briefly below. There are many variants within each category, along with different delivery tactics. In 2022, Check Point Research identified the leading malware globally.

Figure 1: Most prevalent malware globally in 2022 – Source Check Point Research

Multipurpose Malware

This common malware includes banking Trojans and botnets. It’s often used to gain initial access to an environment, and multiple variants are often used in combination by sophisticated cyber criminals for different purposes. Emotet, initially discovered in 2014, is the most prevalent type. Other well-known multipurpose malware includes Qbot, Raspberry Robin, and the Phorpiex botnet.

Wiper Malware

Multiple new families of wiper malware appeared throughout 2022. Most were deployed by hacktivists or nation-state attackers against the organizations and infrastructure of political rivals. Wipers are vicious malware designed to inflict maximum destruction. Damage to data is usually irreversible.

Infostealers

Stolen credentials and cookies fuel a growing underground marketplace for cyber attack services. Cybercriminals use infostealers to spread broad-based malware infections. After initial infection, they mine the data to identify corporate VPN credentials and attempt to access networks. Infostealers affected 24% of all organizations in 2022. The four most common—AgentTesla, Formbook, SnakeKeylogger and LokiBot—are also among the top six global malware.

Cryptominers

In 2022, cryptominer malware dropped from 21% in 2021 to 16% globally. Attackers used XMRig, a legitimate open-source mining tool, for 76% of cryptomining attacks in 2022. LemonDuck is another cryptomining malware. First detected in 2019, it has extensive capabilities including credential stealing, lateral movement and the ability to drop tools for human-operated attacks.

Ransomware and Shifting Tactics

Ransomware campaigns employ multiple types of malware to carry out system commands, steal data and set the stage for the final ransom demand. In the past, individual ransomware actors automated campaigns to target victims and demand small amounts of money. There has been a significant shift in tactics as ransomware-as-a-service entities specifically target victims and produce human-led campaigns. They might encrypt victims’ data, releasing decryption keys after the ransom is paid. Others skip encryption and threaten to auction or release sensitive data for payment. Some contact the victim organization’s employees, business partners and customers to increase the pressure. Still others simply destroy data instead of encrypting it.

Prevention vs. Detection: Stop it Fast

Ever-morphing, new malware strains are difficult to detect. They can easily evade anti-virus (AV) software, which relies on signatures, or hashes, generated from already-seen suspicious files. Each known suspicious file is identified by a unique hash, a fixed-length alphanumeric string computed from its contents. Zero-day malware, and never-before-seen variants of known threats, have no signature yet, so your AV software, SWG or next-generation firewall can't identify and block them. The ability to detect and prevent never-before-seen malware is critical to closing an attacker's window of opportunity. This is why a Secure Access Service Edge (SASE) solution focused on threat prevention is critical to defending against new malware strains.
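To make the signature gap concrete, here is an added example (not code from the original post or from Check Point) that hashes a constructed sample file, looks the hash up in a constructed signature database, and then shows that a variant differing by a single byte produces a new hash and is missed, while a content-based rule still catches it. The sample bytes, the database and the rule are all assumptions made up for this illustration.

```python
import hashlib

# Constructed stand-in for a known-bad file: an arbitrary byte string, not real malware.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00" + b"constructed-sample-payload" * 4

# Constructed byte pattern the analyst has noted in this family (a YARA-style indicator).
FAMILY_PATTERN = b"constructed-sample-payload"


def file_hash(data: bytes) -> str:
    """SHA-256 hex digest of the file contents: the kind of value an AV signature stores."""
    return hashlib.sha256(data).hexdigest()


# Signature database of already-seen files, keyed by exact hash (constructed).
SIGNATURE_DB = {file_hash(KNOWN_BAD_SAMPLE): "Constructed.Sample.A"}


def signature_verdict(data: bytes, db: dict = SIGNATURE_DB):
    """Exact-hash lookup: returns the family name on a hit, None on a miss."""
    return db.get(file_hash(data))


def pattern_verdict(data: bytes, pattern: bytes = FAMILY_PATTERN):
    """Content-based check: matches the family pattern regardless of surrounding bytes."""
    return "Constructed.Sample.A" if pattern in data else None


def make_variant(data: bytes) -> bytes:
    """A 'new variant' that appends one byte: same content, brand-new hash, no signature yet."""
    return data + b"\x00"


def compare_verdicts(data: bytes) -> dict:
    """Run both checks on the original file and on its single-byte variant."""
    variant = make_variant(data)
    return {
        "original": (signature_verdict(data), pattern_verdict(data)),
        "variant": (signature_verdict(variant), pattern_verdict(variant)),
    }


if __name__ == "__main__":
    print(compare_verdicts(KNOWN_BAD_SAMPLE))
```

The hash lookup hits only on the exact original file; the variant is a miss for the signature database but is still flagged by the content rule, which is the gap a prevention-first layer has to close for truly novel files.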

Capabilities That Make the Difference

The Only Prevention-First SASE Solution: Harmony Connect
