May, the second month of Q2, was an eventful month in terms of malware breaches. Let’s take a look at the news highlights from the month that was:
Ransomware attacks can hit hard and fast, with organizations unaware of the problem until the damage is already done. WannaCry spread to businesses around the globe in mere hours on May 12, and by the afternoon the infection was making national headlines. Companies and consumers alike panicked in the fallout of WannaCry’s ransom demands, wondering whether their systems would be affected and how to prevent their machines from being breached. For the victims, the question was whether or not to pay to restore their data.
Earliest infection reports show that the first attack struck in Europe, where a computer user unknowingly opened a malicious email attachment, allowing WannaCry into their system. According to Financial Times, Spanish mobile operator Telefónica was among the first organizations to report a WannaCry infection. Shortly after, U.K. hospitals and clinics, French carmaker Renault, as well as some Russian and U.S. organizations announced they had been impacted. In total, at least 200,000 companies around the globe were attacked by WannaCry ransomware.
As time passed, fixes and patches for WannaCry emerged to protect users, while those affected took action to recover. How could this strain have made such a big splash, and what does it mean for the future?
OSX/Dok Malware targeting Mac users
Malware authors have typically aimed to exploit Windows vulnerabilities, but Mac users are no longer out of attackers’ sights. OSX/Dok malware was encountered toward the end of April 2017 and turned out to be a rather sophisticated piece of work.
Recently, malware tactics have become much more polished and severe, evading security measures and tricking users into becoming victims. Mac users cannot stand idle against OSX/Dok and should be educated about this threat. The threat usually arrives as a file named “Dokument.zip,” seemingly from a tax office. Once opened, it decompresses into a file bearing the same icon as older versions of Apple’s Preview app, although the icon appears oddly pixelated. Such unusual characteristics should be treated as red flags by any user reading email or looking at unfamiliar links.
As with most malware and phishing campaigns, OSX/Dok is delivered through email attachments to unsuspecting recipients. The research team that first encountered the malware says OSX/Dok mostly targeted European users, but it could become a global issue.
Sophisticated Banking Malware on the Rise
Various strains of ransomware and banking Trojan families (such as Zeus) have appeared in 64-bit versions over the last two years or so. Around 60 per cent of the 64-bit threat landscape is dominated by the worm-like Expiro spyware; after that, the most common 64-bit families are Virut (20 per cent) and Nimda (10 per cent). Sophisticated 64-bit malware has already appeared in several APT campaigns, notably the destructive disk-wiping Shamoon malware, which destroyed data on 35,000 computers at Saudi Aramco.
Zeus, the leading banking Trojan, responsible for the theft of hundreds of millions of dollars, was the first of its kind to ship a 64-bit version. Other banking Trojans and ransomware are expected to follow this trend, so the number of 64-bit malware families is likely to increase in the coming years.