Each month Check Point publishes three Top 10 lists: Most Wanted Malware; Most Wanted Mobile Malware; and Most Exploited Vulnerabilities. The reports are based on data from Check Point’s ThreatCloud database, which analyzes more than 250 million addresses for bot discovery, more than 11 million malware signatures, and more than 5.5 million infected websites. It also identifies millions of malware types daily.
In July, three IoT vulnerabilities entered the Top 10 Most Exploited Vulnerabilities list. They were: MVPower DVR router Remote Code Execution at No. 5; D-Link DSL-2750B router Remote Command Execution at No. 7; and Dasan GPON router Authentication Bypass at No. 10.
These vulnerabilities enable attackers to execute malicious code and gain remote control of the target devices. Together, 45 percent of organizations across the world were impacted by attacks targeting these vulnerabilities, compared with 35 percent in June, and 21 percent in May.
“IoT vulnerabilities in particular are often ‘the path of least resistance,’ as once one device is compromised it can be straightforward to infiltrate further connected devices,” said Maya Horowitz, Threat Intelligence group manager at Check Point, in a blog post about the report.
One important way to mitigate these and other security vulnerabilities — as evidenced by the latest Spectre-like Intel chip flaws disclosed this week — is to patch systems and ensure software is up to date. “It is vital that organizations apply patches to known vulnerabilities as and when they are made available to ensure that networks remain secure,” Horowitz said.
Cryptomining Malware Still No. 1
In addition to making the Top 10 Exploited Vulnerabilities list, IoT malware made its top-three debut on Check Point’s Top 10 Most Wanted Malware list in July. Cryptomining malware, however, still held the top two spots on this list.
Coinhive held its spot as the No. 1 most prevalent malware, impacting 19 percent of organizations worldwide. Cryptoloot, another coin-miner, and Dorkbot ranked second and third, respectively, each with a global impact of 7 percent.
Dorkbot is an IRC-based worm designed to allow remote code execution by its operator as well as the download of additional malware to the infected system.
At the annual security conference, Armis surveyed 130 security professionals and found 93 percent of them expect nation-states will target or exploit connected devices in the next year. Additionally, the Cloud Security Alliance said it’s developing a controls framework for enterprises using IoT and edge devices and services, and IBM announced plans to open four new testing facilities where its hackers will try to find vulnerabilities in devices (hardware and software).
In an interview with SDxCentral at the event, Cisco Talos’ Craig Williams said 2018 “is moving into the year of cryptomining.” And Sean Mason, director of threat management and incident response at Cisco, said his team is seeing an uptick in cryptomining malware.