SOURCE: Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd.

July 18, 2016 14:00 ET

Check Point Research Shows Surge in Active Malware Families During First Half of 2016

New Threat Index Shows Number of Malware Families Targeting Business Networks Has Grown 61 Percent From January to June 2016, While Mobile Threats Continue to Increase Rapidly

SAN CARLOS, CA--(Marketwired - Jul 18, 2016) -   Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today published its latest Threat Index, revealing the number of active malware families increased by nearly two-thirds in the first half of 2016, led by the number of threats to business networks and mobile devices.

During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations' networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business critical information. 

Conficker remained the most commonly used malware in June, while the HummingBad mobile malware returned to the overall top-three threats across all platforms globally. In a detailed research report, Check Point revealed 85 million devices globally are infected by HummingBad, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it -- highlighting how hackers are increasingly targeting mobile devices.

In June, Conficker accounted for 14 percent of recognized attacks for the second month running; while second-placed Sality accounted for 10 percent and third-placed HummingBad for 6 percent of all attacks. The top-10 families were responsible for 50 percent of all recognized attacks.

1. Conficker - Worm that allows remote operations, malware downloads and credential theft by disabling Microsoft Windows systems security services. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.

2. Sality - Virus that infects Microsoft Windows systems to allow remote operations and downloads of additional malware. Due to its complexity and ability to adapt, Sality is widely considered to be one of the most formidable malware to-date.

3. Hummingbad - Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises. To-date the malware has infected 85 million mobile devices.

Mobile malware families continued to pose a significant threat to businesses mobile devices during June with the top three remaining unchanged. The top-three mobile families were:

1. HummingBad - Android malware that has infected 85 million mobile devices globally to generate fraudulent advertising revenue. HummingBad establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger and stealing credentials.

2. Iop - Android malware that installs applications and displays excessive advertising by using root access on the mobile device. The amount of ads and installed apps makes it difficult for the user to continue using the device as usual.

3. XcodeGhost - A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so it injects malicious code into any app that was developed and compiled using it. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard.

"The sustained, significant increase in the number of active malware families targeting business networks during the first half of 2016 highlights the escalating threat levels that organizations are currently facing," said Nathan Schuchami, head of threat prevention, Check Point "Hackers are putting extensive effort into creating new, sophisticated malware families to defraud companies and steal data. Organizations need advanced threat prevention measures on their networks, endpoints and mobile devices to stop these threats before they fall victim to them."

About the Check Point Threat Index

Check Point's Threat Index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point's ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily. 

Check Point's Threat Prevention Resources are available at: http://www.checkpoint.com/threat-prevention-resources/index.html

Follow Check Point via:

Twitter: http://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: http://blog.checkpoint.com
YouTube: http://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises -- from networks to mobile devices -- in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.