By Emeka Aginam
LATEST study just released by Check Point has revealed that five African nations were among the top 10 most attacked countries in November 2016 as cybercriminals made increasing use of ransomware attacks using the Locky and Cryptowall viruses.
Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyber attacks are taking place worldwide in real time.
The Threat Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors.
The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
According to the report, both Locky and Cryptowall attacks increased by 10% globally over the past month. Botswana was the most-attacked country in Check Point’s list of 117 nations at risk, followed by Malawi in second place, Namibia in fourth, Uganda in ninth and the Democratic Republic of Congo in tenth place.
Accordingly, South Africa moved up to 31 on the list from 58th position in October, while Kenya dropped to 24th just as Nigeria climbed slightly to 108th position, from 116th the previous month.
In its monthly global Threat Index, a ranking of the most prevalent malware families attacking organisations’ networks, Check Point study revealed a 10% increase in the number of attacks using Locky and Cryptowall and found both the number of active malware families and number of attacks remained close to an all time high as the number of attacks on business networks continued to be relentless.
Based on the report, Locky spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky, the report revealed was the no1 malware family in the largest amount of countries, including 34 countries compared to Conficker, which was the top malware in 28 countries.
The pattern, the study further revealed highlighted the growing threat posed to corporate networks by ransomware and suggested that many organisations are simply paying ransoms to secure the return of their files, making it an attractive and lucrative attack vector for cybercriminals.
Conficker, the study said, retained its position as the world’s most prevalent malware, responsible for 15% of recognised attacks.
Second placed Locky, which only started its distribution in February of this year, the report added, was responsible for 6 percent of all attacks, and third-placed Sality was responsible for 5% of known attacks.
Overall, the top ten malware families were responsible for 45% of all known attacks, the report said. The Ramnit banking Trojan, the report further revealed saw the largest increase in attacks globally in November, entering Check Point’s top 10 ranking for the first time as the sixth most common malware.
“ It more than doubled its amount of infections since last October, and was mainly seen in Turkey, Brazil, India, Indonesia and the U.S. Ramnit is used to steal banking credentials, FTP passwords, session cookies and personal data.
“For the eighth consecutive month, HummingBad remains the most common malware used to attack mobile devices globally”, the report added.
While mobile malware families continued to pose a significant threat to businesses, Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies, explained that, “Ransomware attacks are still growing in volume for a simple reason – they work and generate significant revenues for the attackers. Organisations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don’t have the right defences in place, and may not have educated staff on how to recognise the signs of a potential ransomware attack in incoming emails.
“This, of course, only makes it even more attractive to criminals. Organisations must use advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point’s SandBlastZero-Day Protection, Threat Extraction, and Mobile Threat Prevention solutions, to ensure that they are adequately secured against the latest threats,”