Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Press Releases

August 17, 2018 |

July’s Most Wanted Malware: Attacks Targeting IoT and Networking Vulnerabilities on the Rise

Cyber attacks targeting IoT and network router vulnerabilities doubled since May 2018, says Check Point’s latest Global Threat Index

Check Point Software Technologies Ltd.†(NASDAQ: CHKP),†a leading provider of cyber-security solutions globally, has published its latest Global Threat Index for July 2018, revealing a significant increase in exploits targeting three major IoT vulnerabilities. These attacks, which are linked to the propagation of IoT malware such as Mirai, IoTroop/Reaper, and VPNFilter, have more than doubled since May 2018.

During July 2018, three IoT vulnerabilities entered the Top 10 most exploited list:†MVPower DVR router Remote Code Execution†at #5; D_Link DSL-2750B router Remote Command Execution†at #7; and†Dasan GPON router Authentication Bypass†at #10. Together, 45% of organizations across the world were impacted by attacks targeting these vulnerabilities, compared with 35% in June 2018 and 21% in May. These vulnerabilities all enable attackers to execute malicious code and gain remote control of the target devices.

“Known vulnerabilities offer cyber-criminals an easy, relatively frictionless entry point into corporate networks, enabling them to propagate a wide range of attacks,” Maya Horowitz, Threat Intelligence Group Manager at Check Point commented. “IoT vulnerabilities, in particular, are often ‘the path of least resistance’, as once one device is compromised, it can be straightforward to infiltrate further connected devices. As such, it is vital that organizations apply patches to known vulnerabilities as and when they are made available to ensure that networks remain secure.”

“In order to protect from both known and unknown vulnerabilities, it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families cyber-attacks and brand new threats,”†Horowitz added.

Coinhive remained the most prevalent malware, with impact on 19% of organization worldwide. Cryptoloot and Dorkbot were ranked in second and third place respectively, each with a global impact of 7%.

July’s 2018’s Top 3 ‘Most Wanted’ Malware:
*The arrows relate to the change in rank compared to the previous month.

  1. ‚Üî Coinhive†- Crypto Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval the profits with the user. The implanted JavaScript uses a great deal of the computational resources of end users’ machines to mine coins, and may crash the system.
  2. ‚Üî Cryptoloot†- Crypto-Miner, using the victim’s CPU or GPU power and existing resources for crypto mining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug under it by asking a smaller percentage of revenue from websites.
  3. ‚Üî Dorkbot -†IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system. It is a banking Trojan, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.

Lokibot, an Android banking Trojan and info-stealer, was the most popular malware used to attack organizations’ mobile estates followed by the Lokibot and Guerilla.

July’s Top 3 ‘Most Wanted’ mobile malware:

  1. Lokibot†– Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone in case its admin privileges are removed.
  2. Triada†– Modular Backdoor for Android which grants superuser privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
  3. Guerilla†– Android ad-clicker which has the ability to communicate with a remote command and control (C&C) server, download additional malicious plugins and perform aggressive ad-clicking without the consent or knowledge of the user.

Check Point researchers also analyzed the most exploited cyber vulnerabilities. In first was†CVE-2017-7269, with a global impact of 47%. In second place was†CVE-2017-5638†with a global impact of 42%, closely followed by†OpenSSL TLS DTLS Heartbeat Information Disclosure,†impacting 41% of organizations around the world.

July’s Top 3 ‘Most Exploited’ vulnerabilities:

  1. ‚Üî Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)†- By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause a denial of service conditions on the target server. That is mainly due to a buffer overflow vulnerability resulted by improper validation of a long header in HTTP request.
  2. ‚Üë Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)†- A remote code execution vulnerability exists in the Apache Struts2 using Jakarta multipart parser. An attacker could exploit this vulnerability by sending an invalid content-type as part of a file upload request. Successful exploitation could result in execution of arbitrary code on the affected system.
  3. ‚Üë OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)†- An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.


Editor’s Choice

Future of Customer Service: Will AI Take Over?

March 28, 2024 |

As customers push for faster, better service, many MSPs are thinking about incorporating AI in some capacity to up the ante.

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

3 Critical Steps to Getting the Most Out of Your Microsoft Purview Investment

March 8, 2024 | Chris Clark

Microsoft Purview is a complex solution because it’s so comprehensive. Fortunately, MSPs are well-positioned to help.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience