Cybercriminals have a plethora of weapons at their disposal when it comes to launching attacks, but one particular trend has been dominating the threat landscape for the past few months. According to the latest Global Threat Index released by Check Point, targeting known vulnerabilities with crypto-mining malware has been the weapon of choice for many malicious actors.
Researchers have observed a concerning trend where cybercriminals are exploiting known vulnerabilities, despite patches being available for at least six months. The Top Ten Most Wanted Malware Index for April 2018 highlights the prevalence of crypto-mining malware, mobile malware, and vulnerabilities that are being actively exploited by attackers.
Two vulnerabilities, in particular, have caught the attention of cyber-criminals worldwide. The first vulnerability targets Microsoft Windows Server 2003 (CVE-2017-7269), with 46% of global organizations falling victim to this exploit. The second vulnerability affects Oracle WebLogic (CVE-2017-10271), with 40% of organizations being targeted.
The most prevalent malware identified in the report is a Coinhive variant designed to mine Monero without the user’s consent. This malware holds the top spot with a global reach of 16%, closely followed by Cryptoloot at 14%. As crypto-mining malware continues to evolve, cyber-criminals are constantly innovating their techniques to maximize their illicit gains.
The prevalence of these attacks is concerning, especially considering that patches for these vulnerabilities have been available for a significant period of time. Maya Horowitz, threat intelligence group manager at Check Point, expressed her dismay at the high number of organizations falling victim to these known vulnerabilities.
Robert Corradini, director of product management at 5nine, emphasized the importance of maintaining systems with the latest patches to mitigate the risk of falling prey to such attacks. Internal personnel not following best practices in patch management can leave organizations vulnerable to exploitation by cyber-criminals.
In light of these findings, it is crucial for organizations to prioritize cybersecurity measures and ensure that their systems are up to date with the latest patches. By staying vigilant and implementing robust security practices, businesses can safeguard themselves against the growing threat of crypto-mining malware.
If you found this information valuable, consider watching our #InfosecWebinar on Malware in IoT, Crypto-coins & Smart Devices for further insights into the evolving threat landscape.