Download PDF version Contact company

Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd., a provider of cyber security solutions globally, has published its latest Global Threat Index for September 2020. Researchers found that an updated version of Valak malware has entered the Index for the first time, ranking as the 9th most prevalent malware in September.

First observed in late 2019, Valak is a sophisticated threat which was previously classified as a malware loader. In recent months, new variants were discovered with significant functional changes which enable Valak to operate as an information-stealer capable of targeting both individuals and enterprises. This new version of Valak is able to steal sensitive information from Microsoft Exchange mail systems, as well as users’ credentials and domain certificates. During September, Valak was spread widely by malspam campaigns containing malicious .doc files.

Emotet Trojan impact

The Emotet trojan remains in 1st place in the Index for the third month in succession

The Emotet trojan remains in 1st place in the Index for the third month in succession, impacting 14% of organisations globally. The Qbot trojan, which entered the listing for the first time in August, was also widely used in September, rising from 10th to 6th in the index.

These new campaigns spreading Valak are another example of how threat actors look to maximise their investments in established, proven forms of malware. Together with the updated versions of Qbot which emerged in August, Valak is intended to enable data and credentials theft at scale from organisations and individuals. Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users, and advise their employees to be cautious when opening emails, even when they appear to be from a trusted source,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

Common exploited vulnerability

The research team also warns that “MVPower DVR Remote Code Execution” is the most common exploited vulnerability, impacting 46% of organisations globally, followed by “Dasan GPON Router Authentication Bypass” which impacted 42% of organisations worldwide. “OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)” had a global impact of 36%.

Top malware families

In September. Emotet remains the most popular malware with a global impact of 14% of organisations, followed by Trickbot and Dridex impacting 4% and 3% or organisations worldwide respectively.

  • Emotet - Emotet is an advanced, self-propagating and modular Trojan. Emotet was originally a banking Trojan, but recently is used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
  • Trickbot - Trickbot is a dominant banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customisable malware that can be distributed as part of multi purposed campaigns.
  • Dridex - Dridex is a Trojan that targets the Windows platform and is reportedly downloaded via a spam email attachment. Dridex contacts a remote server and sends information about the infected system. It can also download and execute arbitrary modules received from the remote server.

Top exploited vulnerabilities

In September, “MVPower DVR Remote Code Execution” is the most common exploited vulnerability

In September, “MVPower DVR Remote Code Execution” is the most common exploited vulnerability, impacting 46% of organisations globally, followed by “Dasan GPON Router Authentication Bypass” which impacted 42% of organisations worldwide. “OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)” is in third place, with a global impact of 36%.

MVPower DVR Remote Code Execution - A remote code execution vulnerability that exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.

Authentication Bypass and information disclosure vulnerability

Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability that exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorised access into the affected system

OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) - An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.

Top mobile malware families

In September xHelper is the most popular mobile malware, followed by Xafecopy and Hiddad.

  • xHelper - A malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisements. The application can hide itself from the user, and reinstall itself in case it was uninstalled.
  • Xafekopy - Xafecopy Trojan is disguised as useful apps like Battery Master. The Trojan secretly loads malicious code onto the device. Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing - a form of mobile payment that charges costs directly to the user's mobile phone bill.
  • Hiddad - Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.

Cybercrime

Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

How smart technology is simplifying safety and security in retirement villages
How smart technology is simplifying safety and security in retirement villages

James Twigg is the Managing Director of Total Integrated Solutions (TIS), an independent life safety, security and communication systems integrator, specialising in design & consultancy, technology and regulatory compliance. Total Integrated Solutions work primarily with retirement villages, helping to ensure the safety of residents in numerous retirement villages across the country. In this opinion piece, James shares how smart technology is helping security teams and care staff alike in ensuring the safety and security of their spaces, amid the COVID-19 pandemic and beyond. Impact of smart technology Smart technology is having an impact on pretty much every aspect of our lives Smart technology is having an impact on pretty much every aspect of our lives. From how we travel, to how we work, to how we run our homes. It’s not unusual to have Alexa waking us up and ordering our groceries or Nest to be regulating the temperature and energy in our homes. And while there’s a popular misconception that people in their later years are allergic to technology, retirement villages and care homes are experiencing significant innovation too. And the result is not only improved quality of life for residents, but also improved safety and security systems for management teams. Switching to converged IP systems I’ve been working in the life safety and security industry for over fifteen years. When I first joined TIS, much of the sector was still very analogue, in terms of the technology being installed and maintained. Slowly but surely, we’ve been consulting and advising customers on how to design, install and maintain converged IP systems that all talk to each other and work in tandem. I'm excited to say retirement villages are some of the top spaces leading the way, in terms of technological advancement. Improving the quality of life for residents A move into a retirement village can be daunting and one of the key concerns that we hear about is the loss of independence. No one wants to feel like they are being monitored or to have someone constantly hovering over them. One of the ways we’ve used smart technology to maintain residents' independence is through devices, such as health monitors and motion sensors. For example, instead of having a member of staff check-in on residents every morning, to ensure they are well, sensors and analytics can automatically detect changes in routine and alert staff to possible problems. Similarly, wearable tech, such as smart watches give residents a chance to let staff know they are okay, without having to tell them face-to-face. As our retirement village customers have told us, a simple ‘I’m okay’ command can be the difference between someone feeling independent versus someone feeling monitored. Simplifying and improving security systems Smart technology gives care staff and security oversight of the needs of residents For the teams responsible for the safety of the people, places and spaces within retirement villages, smart technology is helping to improve and simplify their jobs. Smart technology gives care staff and security oversight of the needs of residents, and ensures rapid response if notified by an emergency alert, ensuring they know the exact location of the resident in need. And without the need to go and physically check-in on every resident, staff and management can ensure staff time is being used effectively. Resources can be distributed where they are needed to ensure the safety and wellbeing of those residents who need extra consideration. 24/7 surveillance When planning the safety and security for retirement villages, and other residential spaces, it’s no use having traditional systems that only work effectively for 12 hours a day or need to update during the evening. Surveillance needs to be 24/7 and smart technology allows that without the physical intrusion into people’s spaces and daily lives. Smart technology ensures that systems speak to each other and are easily and effectively managed on one integrated system. This includes video surveillance, which has also become much more effective as a result of advanced video analytics, which automatically warn staff of suspicious behaviour. Securing spaces amid COVID-19 This year has, of course, brought new challenges for safety. COVID-19 hit the retirement and residential care sectors hard, first with the initial wave of infections in mid-2020 and then, with the subsequent loneliness caused by the necessary separation of families. As essential workers, we worked closely with our customers to make sure they had everything they needed As essential workers, we worked closely with our customers to make sure they had everything they needed during this time, equipping residents with tablet devices to ensure they could stay connected with their families and friends. It allowed residents to keep in touch without risking transferring the virus. Thermal cameras and mask detection And now that we’re emerging out of COVID-19 restrictions and most residents can see their families again, we’re installing systems like thermal cameras and mask detection, so as to ensure that security will be alerted to anyone in the space experiencing a high temperature or not wearing proper PPE. Such steps give staff and families alike, the peace-of-mind that operational teams will be alerted at the earliest possible moment, should a COVID-19 risk appear. Thinking ahead to the next fifteen years, I’m excited at the prospect of further technological advancements in this space. Because at the end of the day, it’s not about how complex your security system is or how you compete in the industry. It’s about helping teams to protect the people, spaces and places that matter. I see smart technology playing a huge role in that for years to come.

ASSA ABLOY’s Code Handle protects Fylab physiotherapy practice with secure PIN-operated handles
ASSA ABLOY’s Code Handle protects Fylab physiotherapy practice with secure PIN-operated handles

In all medical settings, people are coming and going all day. Therapists leave their personal belongings in changing rooms, patients want privacy in consulting rooms, open or unlocked doors can be an invitation to opportunists. Yet keeping track of mechanical keys can be a tiresome task for a small practice. There is a solution: the Code Handle PIN lock from ASSA ABLOY. In Irun, in Spain’s Basque country, Fylab sought easy electronic door security for their consulting rooms. These rooms house expensive specialist equipment for the various therapeutic disciplines offered by Fylab. Requirements were straightforward: a simple, secure, keyless access solution designed to work in a facility that gets a lot of daily traffic from professionals and the public. They needed a locking device that is easy to retrofit and incorporates a contemporary device design to match with Fylab’s modern medical workplace. Adding electronic security to room doors The Code Handle PIN-locking door handle added electronic security to three consulting-room doors at FylabThe Code Handle PIN-locking door handle added electronic security to three consulting-room doors at Fylab – without wires or cables. Two screws fit a Code Handle to almost any interior door (between 35mm to 80mm thick). One doesn’t even need to change their existing door cylinder. “I am no artist or handyman, but I managed to fit the handles within 10 minutes,” says Fylab founder, Borja Saldias Retegui. Code Handle adds electronic security to almost any interior door without disrupting its aesthetics. If one needs to secure a door facing a public space, Code Handle does it subtly and with zero hassle. At Fylab, Code Handle devices locks both wooden and glass doors, keeping equipment and therapists’ personal belongings safe. Allows up to 9 different PIN numbers “We like the solution a lot because we can do away with keys,” adds Borja. Code Handle removes the need to track cumbersome keys or install expensive access control. Because every Code Handle allows up to 9 different PIN numbers (4 to 6 digits), all authorised staff at Fylab can have their own security code. Two standard batteries (CR2) slot inside the handle, typically lasting 30,000 lock/unlock cycles before replacement The practice manager cancels or amends PINs at any time using the master PIN. Two standard batteries (CR2) slot inside the handle, typically lasting 30,000 lock/unlock cycles before replacement. It’s simple. “Code Handle is unique in comparison to common code door locks: it has the code function and battery incorporated inside its handle, so you don’t need to make extra modifications to your door,” explains Lars Angelin, Business Development Manager for Code Handle at ASSA ABLOY EMEA. Auto-locking feature of Code Handle Auto-locking is another helpful feature. When the door closes, Code Handle locks it automatically. One doesn’t need to put down whatever they are carrying, and no one can open it from the outside while they are not looking. To keep the door open briefly, one can simply hold Code Handle down for 5 seconds and it remains temporarily unlocked. For convenience, Code Handle always opens freely from the inside. “Code Handle provides the simplest solution for access control in a small facility,” says Borja. To learn more about Code Handle please visit: https://campaigns.assaabloyopeningsolutions.eu/codehandle

What are the challenges and benefits of mobile access control?
What are the challenges and benefits of mobile access control?

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions?