Check Point Blog

Ransomware jumps 85%, but most attacks can be prevented

EXECUTIVE SUMMARY:

In its mid-year report, Check Point Research provides analysis of the year to date, looking at global attacks, trends in malware overall, ransomware, and both banking and mobile malware. According to the report, the percentage of attacks out of the top three ransomware in all regions almost doubled, increasing from an average of 26% to an average of 48%, compared to the same period in 2016. The report also stated that many of the most prominent recent attacks, like WannaCry and NotPetya, could have been prevented had organizations used technologies that catch threats before they enter the network, rather than relying on solutions that detect them post-intrusion. However, 99 percent of organizations do not have proper security mechanisms in place.

Simple malware families are continuing to crop up even as the more sophisticated National Security Agency (NSA) hacking tools leaked by the Shadow Brokers gain greater distribution. With various means for all levels of cyber criminals to create cyber exploits, hackers are upping the ante of their attacks. Ransomware and other types of cyber assaults are targeting public infrastructure and medical facilities worldwide.

Check Point Research identified several key trends emerging for 2017. Below are some highlights.

NATION-STATE CYBER WEAPONS ARE NOW IN THE HANDS OF CRIMINALS

THE LINE BETWEEN ADWARE AND MALWARE IS FADING, AND MOBILE ADWARE BOTNETS ARE ON THE RISE

MAJOR CYBER BREACHES ARE HITTING ALL GEOGRAPHIES

Americas
• February 23, 2017: Researchers found a critical security flaw in the edge servers of the web security company Cloudflare. A buffer overflow bug caused a major leak of sensitive user information from 3,400 websites, including Uber, 1Password, and OKCupid, an online dating site.
• March 7, 2017: WikiLeaks released more than 8,000 files and documents, alleged to belong to the Central Intelligence Agency (CIA). Dubbed "Vault7," the release included dozens of exploits and vulnerabilities for various platforms, including web browsers, Windows, Android, Apple products, and security products. The leak also detailed information about practices and methods allegedly used by the CIA.
• April 7, 2017: Unknown hackers breached the emergency siren system of Dallas, Texas, repeatedly activating all of the city’s 156 sirens for approximately an hour late Friday night.
• April 14, 2017: The Shadow Brokers group, which had previously released hacking tools allegedly belonging to the NSA, leaked additional tools, exploiting zero-day vulnerabilities for both Windows and the SWIFT banking system. One month later, a global attack took advantage of that release and infected tens of thousands of machines with the WannaCry ransomware, using the EternalBlue exploit for a vulnerability in the Windows OS SMB communication protocol. The victims included hospitals, telecommunication companies, car manufacturers and others.
• May 11, 2017: Edmodo, a popular educational technology company based in California, lost the personal data for approximately 77 million user accounts belonging to students, parents and teachers. The stolen data included email addresses, usernames and hashed passwords. It was reported that the hacker offered the data for sale on a dark web forum for $1,000.
Europe, the Middle East and Africa (EMEA)
• January 7, 2017: E-Sports Entertainment Association League, a popular video gaming community owned by the Germany-based eSports company Turtle Entertainment GmbH, suffered a breach that may have revealed personal data of 1.5 million users.
• January 12, 2017: Cellebrite, an Israeli company known for developing mobile forensics and hacking tools, was breached, leading to the theft of 900 GB of customer data.
• April 9, 2017: Wonga, a UK-based loan firm, suffered a breach affecting up to 270,000 customers, most of them in the UK. According to Wonga, the leaked data might include e-mail addresses, home addresses, phone numbers, partial credit card numbers and bank account numbers.
Asia-Pacific (APAC)
• February 13, 2017: The McDonald’s India app, McDelivery, leaked the personal data of more than 2.2 million customers, including name, email address, phone number, home address and social profiles. McDelivery acknowledged the issue on February 13. However, as of March 17, it hadn't been fixed and customer data continued to be exposed.
• March 14, 2017: GMO Payment Gateway, the Japanese provider of payment processing services, confirmed that a security flaw in the company’s systems led to the leak of personal and financial data from the websites of two of its clients: the Tokyo metropolitan government and the Japan Housing Finance Agency.
• April 13, 2017: Some 500,000 Australian websites were rendered inaccessible for an hour and a half, after the DNS servers of an Australian Internet company fell victim to a massive DDoS attack.
• April 24, 2017: An unknown hacker broke into HipChat, a group chat platform owned by the Australia-based enterprise Atlassian. User account information, such as names, email addresses and hashed passwords, might have been stolen, as well as chat room metadata.

The detailed report is available for download here.
