Conficker is commonest criminal in the cloud says ThreatCloud report

Three families of malware account for 40% of all the crime on the cloud across the globe, according to a new report from security firm Check Point.

The company’s ThreatCloud report looked at statistics drawn from intelligence feeding in from Check Point’s global presence in October 2015. It identified more than 1,500 different malware families globally active in that month alone. The ThreatCloud World Cyber Threat Map uses software agents and monitors to track how and where cyberattacks are taking place worldwide in real time.

Three malware families, Conficker, Sality and Cutwail, accounted for 40% of all recorded attacks. The report also uncovered a new trend for criminals to try to assume control of networks by focusing on remote control of infected PCs. Increasingly, these are used to launch distributed denial of service (DDoS) and spamming campaigns against service providers.

Attacks on individuals also rose sharply, though these tended to be concentrated around malware families that are involved in ransomware scams. Identity theft and the stealing of users’ information also rose sharply. The use of kits, such as the Neutrino ransomware exploit kit and the Fareit malware, which steals user information from web browsers and emails, increased dramatically. In one month this criminal modus operandi rose from being the 93rd most used scam to the 10th most common form of malware seen in October.

International organisations, such as cloud service operators, are most likely to be targeted by Conficker, which accounted for 20% of all attacks globally. The UK experienced a lower number of attacks than many other European nations and was ranked the 110th most vulnerable region out of 133 target countries globally. By comparison, Germany ranked 93rd, Switzerland 89th, Spain 57th and France 54th. Italy is home to Europe’s most endangered cloud, being the 40th most likely country to house a victim of an attack.

It’s easy for hackers to make small changes to malware code to enable it to bypass conventional cloud defences, according to Check Point’s UK regional director Simon Moor. “Companies should consider deploying advanced technologies,” said Moor.

The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites.