Check Point: The most common malware for May

Check Point Research, the research division of Check Point Software Technologies Ltd., published the latest World Threat Index for May 2019.

The research team warns organizations to check and update any systems running Windows 7 and Windows Server 2008 that are vulnerable to the BlueKeep Microsoft RDP vulnerability (CVE-2019-0708), to avoid the risk of exploitation for ransomware and cryptomining attacks.

The BlueKeep vulnerability affects about 1 million machines that have Internet access, and even more that sit within organizations' networks.

The vulnerability is critical because it does not require interaction with the user to be exploited for malicious purposes. RDP is an established, popular attack vector that has been used to install ransomware such as SamSam and Dharma.

In recent weeks, the Check Point Research team has identified multiple attempts to scan for this flaw coming from different countries worldwide, which could be the initial reconnaissance phase of an attack. In addition to the relevant Microsoft updates, Check Point provides protection both in the network and at the endpoint for this attack.

Maya Horowitz, Check Point's Information and Research Director, commented:

The biggest threat we saw last month was BlueKeep. Although there have still been no exploitative attacks, there is plenty of evidence publicly demonstrating that the project is under way.

We agree with Microsoft and other cybersecurity industry observers that BlueKeep could be used to launch attacks on a similar scale to the WannaCry and NotPetya campaigns that took place in 2017. A single computer with this particular flaw can be used to infect an entire network.

Then all infected computers with Internet access can infect other vulnerable devices around the world - allowing the attack to spread exponentially, at an unstoppable rate. It is therefore crucial that organizations protect themselves - and others - by repairing the defect now, before it is too late.

In other important news from the cybersecurity industry in May, the developers of the GandCrab Ransomware-as-a-Service affiliate program announced on the last day of May that they were shutting down, and asked their partners to stop distributing the ransomware within 20 days.

The business had been active since January 2018, and in just two months it infected more than 50,000 victims. Total profits for developers and partners amount to billions of dollars.

A frequent entry in the top 10 list, GandCrab was often updated with new features to evade detection tools.

3 most widespread malware threats in May 2019:

* The arrows indicate the change in rank relative to the previous month.

  1. Cryptoloot - Cryptocurrency mining software that uses the power of the victim's central processing unit (CPU) or graphics processing unit (GPU) and existing resources for cryptomining, adding transactions to the blockchain and producing new coins. It competes with Coinhive, trying to displace it by asking for a smaller percentage of revenue from websites.
  2. XMRig - Open-source CPU mining software used to mine the Monero cryptocurrency, first released in May 2017.
  3. JSEcoin - JavaScript mining software that can be embedded into websites. With JSEcoin, you can run the mining software directly in your browser in exchange for an ad-free experience, in-game currency and other incentives.

3 most widespread malware threats for mobile devices in May 2019:

For May, Lotoor was the most widespread mobile malware; in April it was second. Triada fell from first place to third, while Hiddad rose from third place to second.

  1. Lotoor - A hacking tool that exploits vulnerabilities in the Android operating system to gain full root access on compromised mobile devices.
  2. Hiddad - Malicious Android software that repackages legitimate applications and then makes them available in a third-party store. Its main function is to show ads; however, it is also capable of accessing important security features embedded in the operating system, allowing an attacker to obtain sensitive user data.
  3. Triada - Modular backdoor for Android that grants superuser rights to downloaded malware, helping it embed itself into system processes. Triada has also been observed spoofing URLs loaded into the browser.

Check Point researchers also analyzed cyber-vulnerabilities that are most often exploited. The OpenSSL TLS DTLS Heartbeat Information Disclosure is at the top, affecting 44% of organizations worldwide.

For the first time after 12 months the vulnerability CVE-2017-7269 was in second place, affecting 40% of organizations worldwide while the third place is occupied by vulnerability CVE-2017-5638 affecting 38% of organizations worldwide.

3 vulnerabilities "most likely to be exploited" for May 2019:

In May there was a return to traditional attack techniques (probably due to the decrease in profitability of cryptominers), with SQL Injection at the top of the relevant list, affecting 49% of organizations worldwide. Web Server Exposed Git Repository Information Disclosure and OpenSSL TLS DTLS Heartbeat Information Disclosure are in second and third place, affecting 44% and 41% of organizations worldwide respectively.

  1. SQL Injection - The attack consists of placing crafted SQL queries in forms to trick the application that processes them into executing them, bypassing any checks, thereby allowing the intruder to issue commands to the database and leak data from it.
  2. Web Server Exposed Git Repository Information Disclosure - An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow unauthorized disclosure of user account information.
  3. OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability that exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker could exploit this vulnerability to reveal the memory contents of a connected client or server.


Written by newsbot
