More than one in four organizations globally was affected by the Fireball or WannaCry attacks during May. According to Check Point’s latest Global Threat Impact Index, two of the top three malware families that impacted networks globally were zero-day, previously unseen attacks. Fireball impacted one in five organizations worldwide, with second-place RoughTed impacting 16% and third-place WannaCry affecting nearly 8% of organizations globally.
These two malware variants, Fireball and WannaCry, rapidly spread worldwide throughout the month of May. Fireball takes over target browsers and turns them into zombies, which it can then use for a wide range of actions including dropping additional malware or stealing valuable credentials. WannaCry takes advantage of a Windows SMB exploit called EternalBlue in order to propagate within and between networks. WannaCry was particularly high profile, bringing down a myriad of networks worldwide.
By contrast, RoughTed is a large-scale malvertising campaign used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
In addition to the top three, there were also other new variants seen within the top ten of the index, including Jaff (No. 8), another form of ransomware, demonstrating how profitable this particular attack vector is proving for malicious parties.
The top mobile malware families were Hummingbad, an Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises; Hiddad, an Android malware which repackages legitimate apps and then releases them to a third-party store; and Triada, a modular backdoor for Android which grants superuser privileges to downloaded malware and helps it embed itself into system processes. Triada has also been seen spoofing URLs loaded in the browser.
“To see so many brand-new malware families among the world’s most prevalent cyberattacks this month underlines just how innovative cyber-criminals can be, and shows how dangerous it is for organizations to become complacent,” said Maya Horowitz, threat intelligence group manager at Check Point. “Organizations need to remember that the financial impact from cyber-attacks goes way beyond the initial incident. Restoring key services and repairing reputational damage can be a very long and expensive process.”