Check Point released its 2019 Mid-Year report on the major cyber-attacks of 2019, revealing that European companies in general are still at risk of breaches and attacks, putting the sensitive information of billions of people at risk. What characterizes 2019 is not the number of reported breaches, but rather their magnitude.
The extensive report reveals the development of new toolsets and techniques targeting corporate assets stored on cloud infrastructure, individuals’ mobile devices, trusted third-party suppliers’ applications and even popular mail platforms.
It’s no surprise that, even with all the cybersecurity awareness and investment, companies can’t beat the hackers and their ability to come up with new tactics. One of the dominant ongoing trends in 2019 is targeted ransomware attacks. Collaboration between threat actors has enabled even more destructive attacks that paralyzed numerous organizations worldwide. What ends with a ransomware attack usually starts with a quieter sequence of bot infections.
The Check Point report covers a comprehensive amount of global data; for the purpose of this article we gathered the information related to Europe in 2019. You can check the full report here.
Highlights from Europe, the Middle East, and Africa
January: Highly sensitive personal data of over 100 German politicians, celebrities and journalists, including German Chancellor Angela Merkel, was leaked. The leaked data appears to have been collected from their personal smartphones and included mobile phone numbers, addresses, private conversations with families, holiday pictures, bills, and communications between politicians.
January: Airbus, the world’s second-largest manufacturer of commercial airplanes, was subject to a data breach exposing the personal data of some of its employees, as unauthorized attackers breached its “Commercial Aircraft business” information system.
February: The South African state-owned energy supplier “Eskom” experienced two security breaches. An unsecured database containing customer information was exposed to the internet and a corporate computer was infected with the AZORult information-stealing Trojan after an employee downloaded a cracked Sims 4 game.
April: The Georgia Institute of Technology suffered a data breach that exposed the personal information of 1.3 million current and former faculty members, students, staff and student applicants. By exploiting a vulnerability in its web app, an unauthorized entity gained access to the university’s central database.
EMEA Malware Statistics
Below we analyse some malware statistics for Europe, the Middle East and Africa taken together. The data comparisons presented in the following sections are based on data drawn from the Check Point ThreatCloud World Cyber Threat Map between January and June 2019.
Top Cryptomining Malware
Cryptomining Malware Global Analysis
Top Banking Malware
Banking Malware Global Analysis
Ramnit, the prolific Banking Trojan, has kept its place as the most prevalent banker of 2019 so far. Over the years, Ramnit has expanded its target array to include online advertising, web services, social networking sites, and e-commerce sites. This year Ramnit has returned to its roots and was spotted largely targeting financial services websites to coincide with tax return activity, primarily in Italy.
Top Botnet Malware
Botnet Malware Global Analysis
Emotet, once employed as a Banking Trojan, is nowadays an advanced, self-propagating and modular Trojan which also distributes spam emails and malware strains. Emotet leads the top Global, Americas and EMEA ranks as one of the most prevalent Botnets of the first half of 2019. This year, it seems Emotet became attackers’ favourite, massively delivering multiple other variants of malware as well as extending its capabilities with multiple novel evasion techniques.
Top Mobile Malware
Mobile Malware Global Analysis
Triada, the powerful Android modular Trojan, is once again starring in the charts, ranked first in the Global, EMEA and APAC regions. Considered one of the most advanced mobile malware families, Triada was found last year pre-installed on Android smartphones, infecting hundreds of thousands of victims. In June, Google published a report stressing that Triada was injected into the system image of mobile devices through a third party during the production process. Another leading mobile malware throughout the first half of 2019 is Lotoor, a malware that can exploit numerous vulnerabilities in the Android operating system, allowing it to gain root privileges on compromised mobile devices.
High Profile Global Vulnerabilities
The truth is that in the fast-paced environment most companies operate in nowadays, threats and vulnerabilities also spread quickly. Most attacks and risks are similar and share the same characteristics all over the world. The list below of the top attacks is based on data collected from the Check Point Intrusion Prevention System (IPS) sensor net. It also details the most popular attack techniques observed by Check Point researchers in the first half of 2019.
BlueKeep Microsoft RDP (Remote Desktop Protocol) Vulnerability (CVE-2019-0708)
Exploiting Remote Desktop Protocol (RDP) is already an established, popular attack vector which could allow cybercriminals to access targeted machines and even install a backdoor for further malicious activity. The recently patched critical, wormable Windows RDP vulnerability, dubbed BlueKeep, took the cybersecurity community by storm, as it can spread automatically on unprotected networks, potentially leading to a WannaCry-scale attack. Shortly after Microsoft released its patch, actors started scanning the internet for vulnerable devices, revealing that over 1 million machines are vulnerable to it.
Oracle WebLogic Server Vulnerabilities (CVE-2017-10271, CVE-2019-2725)
The various critical remote code execution vulnerabilities in Oracle WebLogic Server allow an unauthorized attacker to remotely execute arbitrary code and affect numerous applications and enterprise web portals built on the server. This year alone, cybercriminals have exploited Oracle WebLogic Server vulnerabilities, including a newly discovered one patched this April, to deliver Sodinokibi ransomware and Satan ransomware and to install Monero cryptomining malware.
DoS Vulnerabilities in Linux and FreeBSD – TCP SACK Panic (CVE-2019-11477, CVE-2019-11478, CVE-2019-5599, CVE-2019-11479)
A critical set of vulnerabilities affecting the FreeBSD and Linux operating systems was disclosed in 2019. The three flaws were found in the Linux kernel’s handling of TCP networking. Successful exploitation of one of the vulnerabilities can remotely crash servers and disrupt communications. The most severe vulnerability could allow a remote attacker to trigger a kernel panic on systems running the affected software and, as a result, impact the system’s availability.
Scams through email are always on the list, and they are the most common way of getting infected. Their popularity has driven threat actors to introduce improved phishing tactics aimed at establishing credibility with victims, as well as advanced evasion techniques to bypass mail security solutions.
According to the Check Point report, researchers witnessed a surge in the volume of sextortion scams and business email compromise (BEC), which fraudulently trick victims into making a payment through blackmail or by convincingly impersonating others, respectively. Both scams rely on these elements and do not necessarily contain any malicious attachments or links, which makes them even harder to detect.
Email scammers have started to employ various evasion techniques designed to bypass security solutions and anti-spam filters. The various evasions we detected included encoded emails, images of the message embedded in the email body, as well as complex underlying code that mixes plain text letters with HTML character entities. Social engineering techniques, as well as varying and personalizing the content of the emails, are additional methods allowing the scammers to fly safely under the radar of anti-spam filters and reach their target’s inbox.
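As an added illustration of the evasion techniques just described (not code from the Check Point report or from this article), the following Python script builds a constructed sextortion-style message whose body is base64-encoded and mixes plain letters with HTML character entities, then shows the normalisation a mail filter needs before keyword matching works. All addresses, keywords and thresholds are made up for the example.

```python
import email
import html
import re
from email import policy
from email.message import EmailMessage

# Constructed indicator list for this example, not a vendor's detection logic.
KEYWORDS = ("bitcoin", "hacked", "account", "$10,000")

# Constructed body: letters replaced by decimal/hex HTML entities so that the
# word "Bitcoin" never appears literally, plus an embedded image.
SAMPLE_BODY = ('<html><body><p>Y&#111;ur acc&#x6f;unt was h&#97;cked. '
               'Send $10,000 in &#66;itc&#111;in.</p>'
               '<img src="cid:note@example.invalid"></body></html>')


def build_sample_message(body: str = SAMPLE_BODY) -> bytes:
    """Serialise an HTML message with a base64 transfer encoding ("encoded email")."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your account"
    msg.set_content(body, subtype="html", cte="base64")
    return msg.as_bytes()


def raw_contains(raw: bytes, word: str) -> bool:
    """What a naive filter sees: a substring match on the undecoded bytes."""
    return word.encode() in raw.lower()


def normalise_body(raw: bytes) -> str:
    """Decode transfer encoding, then HTML entities, then strip tags and whitespace."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    text = part.get_content() if part is not None else ""
    text = html.unescape(text)              # &#66;itc&#111;in -> Bitcoin
    text = re.sub(r"<[^>]+>", " ", text)    # drop HTML tags
    return re.sub(r"\s+", " ", text).strip().casefold()


def keyword_hits(text: str, keywords=KEYWORDS) -> list:
    """Keywords found in the normalised text, in KEYWORDS order."""
    return [k for k in keywords if k in text]


def image_only_body(raw: bytes, min_visible_chars: int = 40) -> bool:
    """Flag HTML bodies that are essentially an image with little visible text."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return False
    src = part.get_content()
    visible = re.sub(r"<[^>]+>", "", html.unescape(src)).strip()
    return re.search(r"<img\b", src, re.I) is not None and len(visible) < min_visible_chars
```

Run `keyword_hits(normalise_body(build_sample_message()))` to see every indicator match once the body is decoded, while `raw_contains(build_sample_message(), "bitcoin")` stays False.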
Determined to convince victims of their credibility, sextortion scammers this year did everything possible to make their victims worried enough to pay up and avoid the publication of the alleged sexual material. This mainly involves presenting the victim’s personal credentials as evidence, usually leaked in previous data breaches or purchased on underground forums.
Other tactics, mainly common in BEC attacks, are domain and display-name spoofing as well as sending the emails from valid high-reputation entities such as compromised Microsoft Office 365 or Gmail accounts. In April, one sextortion campaign went as far as pretending to be from the CIA and warned victims they were suspected of distributing and storing child pornography while demanding $10,000 in Bitcoin.
One extremely relevant finding from the report is that throughout the first half of 2019, 90% of the attacks observed leveraged vulnerabilities registered in 2017 and earlier, and over 20% of attacks used vulnerabilities that are at least seven years old. This leads us to believe that cybersecurity professionals and cybersecurity departments are not moving as fast as the threat actors.
*The article above was based on the information provided in this report.
In a fast-paced environment, investing in technical training is the best way to overcome the cybersecurity challenges. At New Horizons Ireland we provide a wide range of cybersecurity courses from different vendors, covering all the paths you might want to follow.
In the link below, you can check all our cybersecurity paths and choose the best option for your career.
Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to suit your needs, such as online live, instructor-led in our Dublin classroom and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.