More African countries exposed to mobile malware
Tanzania, which was the most attacked country in the world in October, took a massive jump to 78th position on the list of 140 countries examined in November. Namibia, which was in fifth position last month, has replaced Tanzania to become the most-attacked African nation, placing second in November, after Saudi Arabia.
Other African nations that appeared in the top 20 include Cameroon (3), Mauritius (6), Tunisia (7), Malawi (10), Botswana (14), Nigeria (17) and Lesotho (20). South Africa slipped four places to 63rd, from 67th in October, while Kenya is now the 49th most attacked nation from 52nd in October.
Weaker security controls
"We're seeing an ongoing trend of cybercriminals exploiting weaker security controls in less developed African nations to target their more advanced counterparts," said Doros Hadjizenonos, country manager of Check Point South Africa.
"The rise in mobile malware also highlights the growing need for organisations to protect their employee's mobile devices, which process and carry valuable corporate data. Attackers have realised that these devices are an easier target compared with corporate networks, so it's critical that organisations deploy protection to prevent them being exploited and stop data leakage."
Malware families
Based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time, Check Point identified more than 1,200 different malware families during November. Two of the top three most common malware types, Conficker and Necurs, focus on disabling security services to create more vulnerabilities in the network, enabling them to be compromised further and used for launching DDoS and spam attacks.
Use of the Necurs family of malware grew 30 times compared with October 2015, seeing it rise from 53rd to third. Necurs is commonly combined with the Trojan Bedep, the use of which grew 250 times to make it the 12th most common malware globally, rising from 459th in October.
Both families are associated with the Angler Exploit Kit, which has been used in several high-profile malvertising attacks in which infected adverts are inserted into a publishers' website. These attacks continue to affect large online publishers and advertisement networks globally.
The top three malware families that accounted for nearly 40% of the total recognised attacks in November were:
1. Conficker - accounting for 20% of all recognised attacks, machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.
2. Cutwail - a botnet mostly used for sending spam, as well as some DDoS attacks.
3. Necurs - used as a backdoor to download further malware onto an infected machine and disable security services to avoid detection.
International attacks
Check Point's research also discovered a 17% increase in the use of mobile malware internationally during November, with the Xinyin, Ztorg and AndroRAT malware families being the top three most common variants targeting mobiles globally. There were approximately double the amount of attacks compared to the previous month, and for AndoRAT the increase was 10-fold. All three variants target Android devices:
1. Xinyin - Observed as a Trojan-Clicker that performs Click Fraud on Chinese ad sites.
2. Ztorg - Trojan that uses root privileges to download and install applications on the mobile phone without the user's knowledge.
3. AndroRAT - Malware that is able to pack itself with a legitimate mobile application and install without the user's knowledge, allowing a hacker full remote control of an Android device.
"Organisations face a daily battle to ensure that their networks are not compromised by cybercriminals and it is vital that they know what they are up against. The data for November highlights the fact that attackers are focusing their efforts on malware that can disable security services and infect machines stealthily so they can be more easily exploited," said Hadjizenonos.