Banking Trojans rocket, while cryptomining is here to stay: Report

News by Mark Mayne

Cryptominers are the most common malware this month, although banking Trojans have increased by 50 percent during the past four months.

Two cryptominers top the ‘most wanted’ malware list for June, according to Check Point, while banking Trojan incidences have climbed by 50 percent over the last four months.

The top three malware packages detected in June are led by Coinhive, a JavaScript in-browser Monero miner that is often used to hijack internet users' systems to mine Monero without permission. Next comes Cryptoloot, a competitor to Coinhive that is attempting to undercut it by taking a lower percentage. Rounding out the top three is Dorkbot, an IRC-based worm designed to allow remote code execution by its operator as well as the download of additional malware. Designed primarily as a banking Trojan, it can also launch denial-of-service attacks, and hit 7 percent of all organisations globally in June alone.

"Hackers are using a range of tools to find the most effective way to make a quick profit," Maya Horowitz, Threat Intelligence Group Manager at Check Point commented. "While cryptomining continues to be the most common type of malware used globally, we observed a similar rise in the use of banking Trojans during summer 2017. It’s possible that cyber-criminals are attempting to capitalise on the summer holiday period, with tourists paying less attention to cyber-security best practices and potentially accessing online banking across shared access devices and less secure connections. This underlines that malicious hackers are tenacious and sophisticated in their attempts to make money."

The Check Point Global Threat Index for June 2018 also analysed the most exploited vulnerabilities. The list was topped by CVE-2017-7269, with a global impact of 40 percent, followed by CVE-2017-10271, affecting 35 percent of organisations worldwide. In third place was SQL injection, impacting 15 percent of organisations globally.

Ed Williams, director EMEA, SpiderLabs at Trustwave, told SC Media UK that he was disappointed by the vulnerability report: "I would be hoping for reports in 2018 not to contain references to FTP, vulnerabilities from the previous year and SQL injection. As a collective we need to do better in terms of getting the basics right, we know that FTP is insecure, but somewhere and somehow the message is not getting through, and this lies at the feet of the security industry (of which I consider myself to be a part of), we need to be clearer in our message!

"The impact of banking trojans is, also, not a great surprise. We know that criminals are motivated by money and we should be doing a better job at protecting environments, through the removal of weak services, patching quickly and robustly and managing user input safely and correctly. None of these are new issues, in fact, in terms of security landscape they are as old as the hills."

In June, the UK was also the 113th most attacked country globally, less than World Cup rivals Croatia (105th), Belgium (108th) and France (84th). The US was the 109th most attacked country, and Germany the 120th most attacked.

Meanwhile, a separate report from SonicWall found that ransomware has increased more than 200 percent globally, totting up 181.5 million attacks since January, a 229 percent year-to-date increase.

[Infographic: malware increase, ransomware increase, encrypted threats increase]

Bill Conner, CEO of SonicWall, told SC Media UK: "Our latest Threat Report shows cyber-attacks have increased across the board, with encrypted threats, previously a niche threat, quickly becoming a mainstream one. This exposes new vulnerabilities for small and large businesses alike.

"Based upon the sheer number of threats an average business faces every day, businesses must leverage a layered approach at the endpoint, firewall and cloud applications along with automated detection and machine learning with multi-engine sandbox technology that stops threats before they enter the enterprise."

Finally, however, James Hadley, CEO of Immersive Labs, was keen to point out that while threat awareness is important, it is not the full story: "Threat intelligence provides a cornerstone of a proactive cyber-security strategy. However, staying up to date with threats alone will not keep organisations free from a breach. Cyber-security teams must also have the knowledge and skills – in addition to technology – to deal with any new and emerging threats. The most successful security strategies marry threat intelligence with other fundamental elements of cyber security, such as the skills to effectively remediate and identify threats, to minimise risk to an organisation."
