Banking Trojan attacks increase

There is a significant increase in attacks using the Ramnit banking trojan. Over the past few months, Ramnit has doubled its global impact. The trojan is driven by a large-scale campaign that has been converting victim’s machines into malicious proxy servers.

In August 2018, Ramnit became the most prevalent banking Trojan in an upward trend in the use of banking Trojans that has more than doubled since June 2018.

Trends like this should not be ignored as hackers are acutely aware of which attack vectors are most likely to be successful at any given time.
In order to prevent exploitation by banking trojans – and other types of attacks – it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families cyber-attacks and brand new threats.

Also during August 2018, the Coinhive crypto miner remained the most prevalent malware, impacting 17% of organization worldwide. Dorkbot and Andromeda were ranked in second and third place respectively, each with a global impact of 6%.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

August 2018 top 3 most wanted
1. Coinhive – Crypto Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval the profits with the user.
2. Dorkbot – IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.
3. Andromeda – Modular bot used mainly as a backdoor to deliver additional malware on infected hosts, but can be modified to create different types of botnets.

August 2018 top 3 most wanted mobile malware
1. Lokibot – Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone in case its admin privileges are removed.
2. Lotoor – Hack tool that exploits vulnerabilities in the Android operating system in order to gain root privileges on compromised mobile devices.
3. Triada – Modular Backdoor for Android which grants superuser privileges to downloaded malware, as helps it to get embedded into system processes.

August 2018 top 3 most exploited vulnerabilities
1. Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) – By sending a crafted request over a network to Microsoft Windows Server 2003 R2 through Microsoft Internet Information Services 6.0, a remote attacker could execute arbitrary code or cause a denial of service conditions on the target server.
2. OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346) – An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets.
3. D-Link DSL-2750B Remote Command Execution – A remote code execution vulnerability has been reported in D-Link DSL-2750B routers.
We would continue to monitor all the threats.

Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.