Banking malwares Tinba, Gamarue inside Nigeria, Kenya


Check Point Software Technologies published its latest Threat Index for May 2016, revealing that the number of active global malware families increased by 15% in May 2016. The May Threat Index presents a mixed view of Africa, with several countries making quite strong moves up and down the index – the higher their relative ranking in the index, the greater the threat of cyber-attack.

There are four African countries in the top ten of the index, including Malawi, which currently sits third. The others are Djibouti, Namibia and Angola. Just outside the top ten, at eleventh, sits Botswana. There are 112 countries on the overall Index. Nigeria, the West African technology and economic hub, is currently ranked 19th, a significant improvement on its April position, while, in a reversal of sorts, East African powerhouse Kenya moved up the index from 46th to 37th.

Globally, Check Point detected 2,300 unique and active malware families attacking business networks in May. It was the second month running Check Point has observed an increase in the number of unique malware families, having previously reported a 50% increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information.


Banking malware Tinba became the fourth most prevalent form of infection last month in Kenya, and ninth in Nigeria. This Trojan allows hackers to steal victims’ credentials using web-injects, activated as users try to log in to their banking website. Tinba ranked second in the overall international threat list. The top malware in Nigeria in May was also a financial threat: Gamarue is a modular bot that hides in trusted processes and can be used to harvest financial information.

Attacks against mobile devices also remained a high priority as Android malware HummingBad persisted in the overall top 10 of malware attacks across all platforms during the period. In both Kenya and Nigeria, HummingBad ranks as the fifth most common malware. Despite only being discovered by Check Point researchers in February, it has rapidly become widely used, indicating that hackers view Android mobile devices as weak spots in enterprise security and as potentially high-reward targets.

Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies, believes that both of these threats are significant in the African context as Android phone sales and banking inclusion continue to climb.

“As Bring Your Own Device continues to be a trend and smartphone penetration on the continent grows, companies are at an increased risk from HummingBad in particular, and other malware. Combined with the growth in malware family numbers overall, this represents a significant business risk. Enterprises of all sizes must educate themselves on the security threats they face and invest in solid measures to protect their networks and corporate data,” said Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies.

In May, Sality, Virut and Conficker were the top malware families in Kenya, while Gamarue, Sality and Dorkbot featured in Nigeria’s top three. Internationally, Conficker was the most prominent malware family, accounting for 14% of recognised attacks. The top ten families were responsible for 60% of all recognised attacks around the world.

Sality: A virus that allows its operator to perform remote operations on, and download additional malware to, infected systems. Its main goal is to persist on a system and provide the means for remote control and the installation of further malware.

Virut: One of the top malware and botnet distributors on the Internet, used for DDoS attacks, spam distribution, data theft and fraud. Spread through executables originating from infected devices, Virut alters the local hosts file and opens a backdoor to remote attackers via an IRC channel.

Conficker: Machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.

Gamarue: A modular bot with a loader that downloads additional modules and injects into trusted processes to hide. Infected machines can be harvested for financial credentials.

Dorkbot: An IRC-based worm designed to allow remote code execution by its operator and to download additional malware to the infected system; its primary motivation is to steal sensitive information and launch denial-of-service attacks.
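The hosts-file alteration mentioned in the Virut description is one of the few behaviours listed above that a defender can check for mechanically: record a known-good copy of the hosts file, then compare the current file against it and classify every new or changed mapping (a non-local name pointed at loopback silently blocks a site, typically update or security services; a name pointed anywhere else redirects its traffic). The script below is an added example written for this article, not code from Check Point or from the article; the baseline and current hosts contents, the domain names and the addresses in it are constructed sample data.

```python
"""Compare a hosts file against a recorded known-good baseline and report
every mapping that was added or changed, classified by what it would do.

Added example for this article; all sample data below is constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed baseline: the clean file as it looked when it was recorded.
BASELINE_HOSTS = """\
# Host Database
127.0.0.1   localhost
::1         localhost
10.0.0.5    intranet.corp.example   # legitimate, admin-added pin
"""

# Constructed current file: the same legitimate lines plus three entries of
# the kind a hosts-file-altering infection adds (illustrative, not taken from
# any real sample).
CURRENT_HOSTS = """\
# Host Database
127.0.0.1   localhost
::1         localhost
10.0.0.5    intranet.corp.example
127.0.0.1   update.antivirus-vendor.example   # sinkholes update checks
203.0.113.7 login.bank.example                # redirects banking logins
203.0.113.7 www.bank.example
"""


@dataclass(frozen=True)
class Finding:
    hostname: str
    address: str
    kind: str  # "sinkholed", "redirected", "changed" or "malformed"


def parse_hosts(text):
    """Return {hostname: address} for every active (non-comment) entry.

    A hostname listed more than once keeps its first mapping, which is how
    resolvers read the file, so a duplicate appended at the bottom is not
    mistaken for a change."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname does nothing
        for name in parts[1:]:
            mapping.setdefault(name.lower(), parts[0])
    return mapping


def classify(address):
    """Loopback mappings of a name block that site; any other address
    sends the name's traffic elsewhere; unparseable text is suspicious
    in its own right."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    return "sinkholed" if addr.is_loopback else "redirected"


def compare_hosts(baseline_text, current_text):
    """Report every mapping in the current file that is absent from, or
    differs from, the baseline. Entries that were removed are not reported:
    removal cannot redirect or block traffic."""
    baseline = parse_hosts(baseline_text)
    current = parse_hosts(current_text)
    findings = []
    for name, address in sorted(current.items()):
        if name not in baseline:
            findings.append(Finding(name, address, classify(address)))
        elif baseline[name] != address:
            findings.append(Finding(name, address, "changed"))
    return findings


if __name__ == "__main__":
    for f in compare_hosts(BASELINE_HOSTS, CURRENT_HOSTS):
        print(f"{f.kind:10} {f.hostname} -> {f.address}")
```

In practice the baseline would be a copy taken at build time and the current file read from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; comparing against a baseline rather than flagging every non-loopback entry keeps legitimate administrator-added pins, like the intranet entry above, out of the alerts.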

Check Point’s Threat Index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.


Intelligent CIO Africa
