Multi-Purpose Malware Surge Strikes Enterprises

A surge of malware attacks in Ukraine and Japan has pushed a years-old malware loader into the top 10 list of worldwide cyber-threats, according to researchers.

Check Point said Smoke Loader, a second-stage downloader, has been known to researchers since 2011.

But its recent activities meant it rose 11 places on the firm’s monthly threat index to ninth place.

Smoke Loader is mainly used to load other malware, including Trickbot Banker, AZORult Infostealer and Panda Banker, Check Point said.

Banking Trojans on the rise

The figures were released in the December rankings, published this week.

“December’s report saw SmokeLoader appearing in the top 10 for the first time,” said Check Point research group manager Maya Horowitz in an advisory.

“Its sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware.”

Half of the current top 10 list of threats was made up of malware that uses multiple methods to distribute numerous threats, with the other half composed of crypto-mining malware, she said.

Check Point also found banking Trojans rose in prominence, with Ramnit, which steals login credentials and other sensitive data, rising to eighth place.

The list was dominated, as it has been in recent months, by cryptomining malware, which uses systems’ computing resources to produce virtual currencies for the attackers.

Coinhive was the top threat for the thirteenth month in a row, affecting 12 percent of organisations worldwide, Check Point said.

Cryptomining malware dominates

It was followed by XMRig with a global reach of 8 percent and JSEcoin with 7 percent.

“Organisations continue to be targeted by cryptominers despite an overall drop in value across all cryptocurrencies in 2018,” Check Point noted.

The most exploited vulnerability worldwide in December was CVE-2017-7269, a buffer overflow in the WebDAV component of IIS 6.0 on Microsoft Windows Server 2003 R2 that was disclosed in early 2017.

It was followed by the widespread OpenSSL TLS/DTLS Heartbeat information disclosure bug (Heartbleed, CVE-2014-0160) and a code-injection flaw in phpMyAdmin.

Horowitz said the wide range of threats means enterprises are well advised to use a multi-layered cybersecurity strategy.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
