Hancitor climbs its way to the top of 'world's most wanted' malware families

14 Mar 2017

The Hancitor/Chanitor malware has rapidly climbed to be one of the top five ‘world’s most wanted’ malware families for the first time, according to Check Point’s February Global Threat Impact Index.

Hancitor, also known as Chanitor, installs malicious payloads including ransomware and banking trojans on devices through a macro-enabled Office document.

Those documents are housed in phishing emails disguised to look like ‘important’ messages like voicemails, invoices or faxes.

“The rapid growth in the use of some malware variants grew during February, highlighting the challenges faced by IT departments worldwide. It is imperative organizations are sufficiently equipped to deal with the ever-increasing number of threats by adopting advanced security systems across their entire business network,” explains Nathan Shuchami, Check Point’s VP of emerging products.

The Global Threat Impact Index also named Kelihos, HackerDefender and Cryptowall as the top three malware families overall.

Kelihos is a botnet used in bitcoin theft. It is responsible for 12% of attacks on organisations across the globe. It has evolved from what Check Point calls a ‘pump and dump’ spam campaign into a botnet for hire. It is now one of the most prominent spam distributors in the world with more than 300,000 infected machines capable of sending 200,000 emails per day.

HackerDefender, a user-mode rootkit for Windows, hit 5% of organisations. It is able to hide files, processes and registry keys, and it also implements a backdoor and port redirector that help it evade traditional detection.

Cryptowall hit 4.5% of organisations. It started life as a Cryptolocker doppelganger, but went on to surpass it, and is now one of the most prominent ransomware families to date. It uses AES encryption and conducts command and control communications over the Tor network. It is distributed through exploit kits, malvertising and phishing.

Hiddad, HummingBad and Triada took the top spots in mobile malware.

Hiddad is an Android malware that repackages genuine apps and then releases them on a third-party store. It displays ads and is also able to access security details in the OS, giving attackers a route to sensitive user data.

HummingBad is an Android malware that installs a persistent rootkit on the device and installs fake applications. It could also be used to install keyloggers, steal credentials or bypass encrypted email containers used by enterprises.

Triada is a modular backdoor for Android. It grants itself superuser privileges to download further malware and embed itself in system processes. It can also spoof URLs loaded in the browser.

“Overall, the top 3 malware families revealed that hackers were using a wide range of attack vectors and tactics to target businesses. These threats impact all steps of the infection chain, including spam emails which are spread by botnets, and contain downloaders that eventually place ransomware or a Trojan on the victim’s machine,” Check Point concludes.
