A quarter of companies worldwide suffered an infection at the hands of Fireball malware or WannaCry ransomware in May 2017, reveals an ongoing threat index.
In its latest Global Threat Impact Index, researchers at Check Point Software Technologies found that Fireball affected one in five organizations globally in May 2017. The creators of this program designed it primarily to hijack users’ web browsers and generate ad revenue. But built-in malicious potential combined with an infection of over 250 million machines earned this malware the top spot in Check Point’s index.
By contrast, WannaCry infected eight percent of companies worldwide in May 2017. Its victims, which included the United Kingdom’s National Health Service (NHS) and the telecommunications giant Telefonica, suffered infections after WannaCry abused a Windows vulnerability using exploit code developed by the NSA and leaked online by the Shadow Brokers. WannaCry affected more than 300,000 organizations worldwide beginning with its 12 May global outbreak. Even so, the ransomware fell short in Check Point’s index to RoughTed, a malvertising campaign which struck 16 percent of companies.
Other well-known threats such as Jaff ransomware and the RIG exploit kit also made Check Point’s list of the top 10 “most wanted” malware in May 2017.
As for mobile threats, Hummingbad came in at number one followed by Hiddad, an Android threat which has masqueraded as fake apps to flood devices with ads, and Triada, which can evade anti-virus detection by abusing the DroidPlugin open-source sandbox.
Every month, Check Point’s researchers study the firm’s ThreatCloud intelligence. ThreatCloud consists of a database of over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures, and 5.5 million compromised websites. It also analyzes millions of malware samples every day. Using this intelligence, the researchers build their Global Threat Impact Index.
Check Point says its May index points to the persistence of ransomware attacks around the world:
“The findings show that the threat of ransomware is not going away. Organizations need to remember the financial impact from an attack goes far beyond the initial incident. Restoring key services and repairing reputational damage can be a very long and expensive process. Organizations in every industry sector need a multi-layered approach to their cybersecurity.”
That approach includes using secure configuration management (SCM) to monitor endpoints for anomalous activity. It also includes security best practices like backing up data regularly and implementing software patches.