The research team warns organizations about a new vulnerability discovered in the OpenDreamBox 2.0.0 WebAdmin Plugin that affected 32% of organizations worldwide in July.
This vulnerability, ranked eighth among the most commonly exploited vulnerabilities, allows attackers to execute remote commands on target machines. The exploit was triggered in parallel with other attacks targeting IoT devices, most notably the MVPower DVR Remote Code Execution exploit (the third most exploited vulnerability in July), which is also known to be associated with the infamous Mirai botnet.
Cryptoloot usage also declined sharply in July, dropping to 10th in the list of the most widespread malware after ranking third in June.
"Malicious actors try to take advantage of new vulnerabilities as soon as they appear, before organizations can fix them. The vulnerability in OpenDreamBox is no exception. However, the fact that almost one third of the organizations worldwide are affected is surprising. This highlights the importance of quickly correcting such vulnerabilities for business security," said Maya Horowitz, Director of Information and Threat Research at Check Point.
"The sharp decline in the use of Cryptoloot is also of interest. This software had dominated the last one and a half years and was the second most prevalent malware variant observed in the first half of 2019, affecting 7.2% of organizations worldwide. We believe the decline is linked to its main competitor, Coinhive, which stopped operating earlier in 2019. Cybercriminals rely on alternative malicious cryptomining software such as XMRig and Jsecoin."
Check Point: The 3 most common malware threats in July 2019:
* The arrows indicate the change in rank relative to the previous month.
XMRig is at the top of the list, affecting 7% of organizations worldwide. Jsecoin and Dorkbot followed, affecting 6% of organizations globally.
1. ↔ XMRig - Open-source CPU mining software used to mine the Monero cryptocurrency, first observed in the wild in May 2017.
3. ↑ Dorkbot - IRC-based worm designed to allow remote code execution by its operator and to download additional malware onto the infected system, with the primary purpose of stealing sensitive information and launching denial-of-service attacks.
Check Point: The 3 most common malware threats for mobile devices in July 2019:
During July, Lotoor was the most widespread malware on mobile, followed by AndroidBauts and Piom - two new malware families appearing on the list for the first time.
1. Lotoor - A hack tool that exploits vulnerabilities in the Android operating system to gain full access rights (root) on compromised mobile devices.
2. AndroidBauts - Adware targeting Android users. It exfiltrates the IMEI, IMSI, GPS location and other device information and allows third-party applications to be installed on the device.
3. Piom - This is Adware that monitors the user's browsing behavior and distributes unwanted ads based on the user's activity.
Check Point: The 3 most often exploited vulnerabilities in July 2019
In June, SQL Injections continued to top the list, affecting 46% of organizations worldwide. The OpenSSL TLS DTLS Heartbeat Information Disclosure vulnerability came in second, affecting 41% of organizations worldwide, closely followed by the MVPower DVR Remote Code Execution with an impact on 40% of organizations worldwide.
1. ↔ SQL Injection (various techniques) - Insertion of SQL query code into input supplied by the client to an application, exploiting a vulnerability in that application's code.
2. ↔ OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability in OpenSSL. The flaw is due to an error when handling TLS/DTLS heartbeat packets. An attacker can exploit this vulnerability to disclose memory contents of a connected client or server.
3. ↑ MVPower DVR Remote Code Execution - A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this flaw to execute arbitrary code on the affected router via a crafted request.
* The full list of the top 10 most common malware threats worldwide can be found here.