{"id":9277,"date":"2019-02-16T12:39:03","date_gmt":"2019-02-16T07:09:03","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=9277"},"modified":"2019-02-16T12:39:03","modified_gmt":"2019-02-16T07:09:03","slug":"january-2019s-most-wanted-malware-a-significant-new-threat-speaks-up","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/january-2019s-most-wanted-malware-a-significant-new-threat-speaks-up\/","title":{"rendered":"January 2019\u2019s Most Wanted Malware : A Significant New Threat Speaks Up"},"content":{"rendered":"<blockquote>\n<h4><span style=\"font-family: arial, helvetica, sans-serif;\">\u2022 Check Point\u2019s researchers detect growth of \u2018SpeakUp\u2019 \u2013 a new Linux backdoor which is spreading the XMRig crypto-mining malware<\/span><\/h4>\n<\/blockquote>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Check Point Software Technologies Ltd.,\u00a0a leading provider of cyber-security solutions globally, has published its latest Global Threat Index for January 2019. The index reveals a new backdoor Trojan affecting Linux servers, which is distributing the XMRig crypto-miner. The new malware, dubbed\u00a0SpeakUp, is capable of delivering any payload and executing it on compromised machines.<\/span><\/p>\n<div id=\"post-180264\" class=\"post-180264 press-releases type-press-releases status-publish hentry cp_press_release_type-corporate-press\">\n<div class=\"post-entry\">\n<div class=\"cp_press_release_content\">\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">At the time of the report, the new Trojan evaded detection by all security vendors\u2019 anti-virus software.\u00a0It propagates by running exploits on instruction from its command-and-control server, including one for the 8<sup>th<\/sup>\u00a0most exploited vulnerability in the index, \u201cCommand Injection over HTTP\u201d. 
Check Point\u2019s researchers view SpeakUp as a significant threat, as it can be used to download and spread any malware.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">In January, the four most prevalent malware variants were cryptominers. Coinhive remains the top malware, impacting 12% of organizations worldwide. XMRig was once again the second most prevalent malware with a global impact of 8%, followed by the Cryptoloot miner with an impact of 6% of organizations globally. Although four of the entries in January\u2019s top ten are cryptominers, half of the top ten can be used to download further malware onto infected machines.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Maya Horowitz, Threat Intelligence Group Manager at Check Point, commented: \u201cWhile January saw little change in the malware forms aimed at enterprises worldwide, we are beginning to see new ways to distribute malware. Threats like these are a stark warning of bigger threats to come. Backdoors like SpeakUp can evade detection and then distribute further, potentially more dangerous malware to compromised machines. Since Linux is used extensively in enterprise servers, we expect SpeakUp will be a threat that will grow in scale and severity throughout the year.\u201d<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>January 2019\u2019s Top 3 \u2018Most Wanted\u2019 Malware:<\/strong><\/span><\/p>\n<p><strong><span style=\"font-family: arial, helvetica, sans-serif;\">The arrows indicate the change in rank compared to the previous month.<\/span><\/strong><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2194 Coinhive<\/strong>\u00a0\u2013 Crypto miner designed to mine the Monero cryptocurrency in the browser when a user visits a web page, without the user\u2019s knowledge or approval and without sharing the profits with the user. 
The implanted JavaScript consumes a large share of the computational resources of end users\u2019 machines to mine coins, and may crash the system.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2194<\/strong>\u00a0<strong>XMRig<\/strong> \u2013 Open-source CPU mining software used to mine the Monero cryptocurrency, first seen in the wild in May 2017.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2191<\/strong>\u00a0<strong>Cryptoloot<\/strong> \u2013 Crypto miner that uses the victim\u2019s CPU or GPU power and other resources to mine cryptocurrency, adding transactions to the blockchain and releasing new currency. It competes with Coinhive by asking websites for a smaller percentage of the revenue.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Hiddad, the modular backdoor for Android which grants privileges to downloaded malware, has replaced Triada in first place in the top mobile malware list. 
Lotoor follows in second place, while Triada has fallen to third place.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>January\u2019s Top 3 \u2018Most Wanted\u2019 Mobile Malware:<\/strong><\/span><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Hiddad<\/strong> \u2013 Modular backdoor for Android that grants super-user privileges to downloaded malware and helps it embed itself in system processes.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Lotoor<\/strong> \u2013 Hack tool that exploits vulnerabilities in the Android operating system to gain root privileges on compromised mobile devices.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Triada<\/strong> \u2013 Modular backdoor for Android that grants super-user privileges to downloaded malware and helps it embed itself in system processes. Triada has also been seen spoofing URLs loaded in the browser.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Check Point researchers also analyzed the most exploited vulnerabilities. CVE-2017-7269 remained in first place with a global impact of 47%. 
Following closely behind, Web Server Exposed Git Repository Information Disclosure was in second place and OpenSSL TLS DTLS Heartbeat Information Disclosure in third, impacting 46% and 45% of organizations around the world respectively.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>January\u2019s Top 3 \u2018Most Exploited\u2019 Vulnerabilities:<\/strong><\/span><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2194 Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)<\/strong>\u00a0\u2013 By sending a crafted request over the network to Microsoft Windows Server 2003 R2 running Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause a denial-of-service condition on the target server. The cause is a buffer overflow in the WebDAV component\u2019s ScStoragePathFromUrl function, triggered by improper validation of an overlong header (the If: header of a PROPFIND request). Disabling WebDAV on IIS 6.0 removes the vulnerable code path.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2191 Web Server Exposed Git Repository Information Disclosure<\/strong> \u2013 The web server serves the application\u2019s .git directory, so anyone who requests paths such as \/.git\/HEAD or \/.git\/config can download the repository\u2019s configuration, objects and history. Successful exploitation can disclose source code along with any account credentials embedded in it or in the configured remote URLs.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u2193 OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)<\/strong>\u00a0\u2013 An information disclosure vulnerability exists in OpenSSL 1.0.1 through 1.0.1f. It is due to a missing bounds check when handling TLS\/DTLS heartbeat packets: the payload length claimed by the peer is trusted, so the heartbeat response copies up to 64 KB of adjacent process memory back to the peer. 
An attacker can leverage this vulnerability to disclose memory contents of a connected client or server, which may include private keys, session cookies and passwords.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Check Point\u2019s Global Threat Impact Index and its ThreatCloud Map are powered by Check Point\u2019s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u2022 Check Point\u2019s researchers detect growth of \u2018SpeakUp\u2019 \u2013 a new Linux backdoor which is spreading the XMRig crypto-mining malware Check Point Software Technologies Ltd.,\u00a0a leading provider of cyber-security solutions globally, has published its latest Global Threat Index for January 2019. 
The index reveals a new backdoor Trojan affecting Linux servers, which is distributing the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[3688,3854,160,4521,1442,4522,3727,4523],"class_list":{"0":"post-9277","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-cyber-security","7":"tag-check-point","8":"tag-check-point-software-technologies-ltd","9":"tag-cybersecurity","10":"tag-january-2019s-most-wanted-malware","11":"tag-malware","12":"tag-most-wanted-malware","13":"tag-top-3-most-wanted-malware","14":"tag-xmrig-crypto-mining-malware"},"_links":{"self":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/9277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/comments?post=9277"}],"version-history":[{"count":0,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/9277\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media?parent=9277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/categories?post=9277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/tags?post=9277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
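The "Web Server Exposed Git Repository Information Disclosure" entry in the index above names the exposure but not how to check for it. The following is an added example, not Check Point's code or part of the original press release: it decides whether a site really serves its .git directory (by validating the body of /.git/HEAD rather than trusting a 200 status, which catch-all pages defeat) and then parses /.git/config for remote URLs carrying embedded credentials, the "account information" the entry refers to. The sample HEAD and config bodies, the host git.example.com and the token in it are constructed for offline use; probe_git_exposure() performs real HTTP requests and is meant only for hosts you are authorised to test.

```python
"""Check whether a web server exposes its .git directory, and what that leaks.

Added example for the "Web Server Exposed Git Repository Information Disclosure"
entry in Check Point's January 2019 index; this is not Check Point's code.
The sample HEAD/config bodies below are constructed for offline use.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# A genuine .git/HEAD is either a symbolic ref or a bare object id (SHA-1, or
# SHA-256 for newer repositories). Checking the body, not just the status code,
# avoids false positives from servers that answer every path with a 200 page.
_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})$")


def looks_like_git_head(body: str) -> bool:
    """True only when `body` is a plausible .git/HEAD file."""
    return bool(_HEAD_RE.match(body.strip()))


def parse_git_config(text: str) -> dict:
    """Minimal parser for git's INI-style config: {'remote "origin"': {'url': ...}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # whole-line comments only
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def credentials_in_config(config: dict) -> list:
    """Remote URLs that embed userinfo (user:token@host) are the 'account
    information' the index entry refers to. Returns (section, redacted url)."""
    leaks = []
    for section, entries in config.items():
        parts = urlsplit(entries.get("url", ""))
        if parts.username:                       # scp-style git@host:path has no netloc
            host = parts.hostname + (f":{parts.port}" if parts.port else "")
            leaks.append((section, urlunsplit(parts._replace(netloc=host))))
    return leaks


def assess(head_body, config_body) -> dict:
    """Offline decision: is the repository exposed, and which remotes carry credentials?"""
    if head_body is None or not looks_like_git_head(head_body):
        return {"exposed": False, "head": None, "leaked_credentials": []}
    config = parse_git_config(config_body or "")
    return {"exposed": True, "head": head_body.strip(),
            "leaked_credentials": credentials_in_config(config)}


def probe_git_exposure(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch /.git/HEAD and /.git/config from `base_url` (authorised targets only)."""
    def fetch(path):
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "git-exposure-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.read(64 * 1024).decode("utf-8", "replace")
        except (urllib.error.URLError, OSError, ValueError):
            return None
    return assess(fetch("/.git/HEAD"), fetch("/.git/config"))


# Constructed sample responses (not captured from any real host).
SAMPLE_HEAD = "ref: refs/heads/master\n"
SAMPLE_CONFIG = (
    "[core]\n"
    "\trepositoryformatversion = 0\n"
    "[remote \"origin\"]\n"
    "\turl = https://deploy:s3cr3t-token@git.example.com/acme/shop.git\n"
    "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
    "[remote \"mirror\"]\n"
    "\turl = git@git.example.com:acme/shop.git\n"
)
SAMPLE_CATCH_ALL = "<!doctype html><html><body>Welcome to the shop</body></html>"

if __name__ == "__main__":
    print(assess(SAMPLE_HEAD, SAMPLE_CONFIG))      # exposed, origin leaks a token
    print(assess(SAMPLE_CATCH_ALL, SAMPLE_CONFIG)) # not exposed: HEAD is an HTML page
```

Even when no remote carries a token, an exposed repository still hands an attacker the full source and history, so the server-side fix is to refuse every request whose path contains /.git (for nginx, a `location ~ /\.git { deny all; }` rule) and, better, to deploy from a built artifact rather than a checkout.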
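The Heartbleed entry above says the bug is a missing bounds check when handling heartbeat packets. The following added example (not OpenSSL's or Check Point's code) models that check in Python so the failure mode can be run end to end: a TLS heartbeat message is type (1 byte), payload_length (2 bytes, big-endian), payload, then at least 16 bytes of padding; vulnerable_respond() mirrors the pre-1.0.1g logic that trusted payload_length, and fixed_respond() mirrors the 1.0.1g check that the claimed length fits inside the record actually received. The PROCESS_MEMORY bytes stand in for whatever happened to follow the record in the heap and are constructed, as is the fixed padding (real implementations use random padding).

```python
"""Heartbleed (CVE-2014-0160) in miniature: why one missing bounds check leaks memory.

Added example for the "OpenSSL TLS DTLS Heartbeat Information Disclosure" entry;
not OpenSSL's code. `process_memory` is a constructed stand-in for the heap
bytes that followed the received record.
"""
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
PADDING = 16                               # RFC 6520 minimum padding
_PAD = bytes(range(PADDING))               # fixed instead of random: keeps the example deterministic


def build_heartbeat(payload: bytes, claimed_length=None) -> bytes:
    """Encode a heartbeat request. An attacker sets claimed_length far above len(payload)."""
    if claimed_length is None:
        claimed_length = len(payload)
    return bytes([HEARTBEAT_REQUEST]) + struct.pack(">H", claimed_length) + payload + _PAD


def payload_of(response: bytes) -> bytes:
    """Extract the payload echoed back in a heartbeat response."""
    length = struct.unpack(">H", response[1:3])[0]
    return response[3:3 + length]


def vulnerable_respond(record: bytes, process_memory: bytes) -> bytes:
    """OpenSSL <= 1.0.1f: the length comes from the attacker and the copy has no bound.
    `record` sits at the start of a heap buffer; `process_memory` is what follows it."""
    claimed = struct.unpack(">H", record[1:3])[0]
    heap = record + process_memory
    echoed = heap[3:3 + claimed]            # memcpy(bp, pl, payload): reads past the record
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack(">H", claimed) + echoed + _PAD


def fixed_respond(record: bytes, process_memory: bytes):
    """OpenSSL 1.0.1g: discard the message unless type + length + payload + padding
    fits inside the record actually received. Returns None for a malformed heartbeat."""
    if len(record) < 1 + 2 + PADDING:        # too short to even carry the padding
        return None
    claimed = struct.unpack(">H", record[1:3])[0]
    if 1 + 2 + claimed + PADDING > len(record):
        return None                          # silently dropped, as the patch does
    echoed = record[3:3 + claimed]           # bounded by the record: cannot reach process_memory
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack(">H", claimed) + echoed + _PAD


def bytes_beyond_record(record: bytes, response: bytes) -> int:
    """How many echoed bytes came from outside the record the peer actually sent."""
    return max(0, len(payload_of(response)) - (len(record) - 3))


# Constructed "adjacent heap" contents; nothing here is real data.
PROCESS_MEMORY = b"user=alice&password=hunter2&" + b"\x00" * 8 + b"SESSION=abc123"

if __name__ == "__main__":
    honest = build_heartbeat(b"hello")
    malicious = build_heartbeat(b"A", claimed_length=60)   # 1-byte payload, claims 60
    print(payload_of(vulnerable_respond(honest, PROCESS_MEMORY)))
    print(payload_of(vulnerable_respond(malicious, PROCESS_MEMORY)))
    print(fixed_respond(malicious, PROCESS_MEMORY))
```

The honest request is answered identically by both versions; the malicious one makes the vulnerable responder echo 43 bytes it never received, including the constructed password and session fragment, while the fixed responder drops it. The same principle applies to the detection side: a heartbeat whose claimed payload length exceeds the TLS record length is malformed by construction and can be flagged on the wire.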