Tinba was fourth most prevalent banking malware in Kenya in May – Check Point report

Check Point Software Technologies has published its latest Threat Index for May 2016, revealing that the number of active global malware families increased by 15 percent in May 2016.

The May Threat Index presents a mixed view of Africa, with several countries making quite strong moves up and down the index – the higher their relative ranking in the index, the greater the threat of cyber-attack. There are four African countries in the top ten of the index, including Malawi, which currently sits at third (improving by one position from the previous month). The others are Djibouti, Namibia and Angola. Just outside of the top ten, at eleventh, sits Botswana. There are 112 countries on the overall Index.

West African technology and economic hub Nigeria is currently ranked 19th – a significant improvement on April’s 11th position – while, in a reversal of fortunes of sorts, East African powerhouse Kenya shifted a massive 46 positions to sit at just 37th.

Globally, Check Point detected 2,300 unique and active malware families attacking business networks in May. It was the second month running in which Check Point observed an increase in the number of unique malware families, having previously reported a 50 percent increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and the scale of the challenges security teams face in preventing an attack on their business-critical information. Most notably:

  • Banking malware Tinba became the fourth most prevalent form of infection last month in Kenya, and ninth in Nigeria. This Trojan allows hackers to steal victims’ credentials using web-injects, activated as users try to log in to their banking website. Tinba ranked second in the overall international threat list. The top malware in Nigeria in May was also a financial threat: Gamarue is a modular bot that hides in trusted processes and can be used to harvest financial information.
  • Attacks against mobile devices also remained a high priority, as Android malware HummingBad persisted in the overall top 10 of malware attacks across all platforms during the period. In both Kenya and Nigeria, HummingBad ranks as the fifth most common malware form. Despite only being discovered by Check Point researchers in February, it has rapidly become commonly used, indicating that hackers view Android mobile devices as weak spots in enterprise security and as potentially high-reward targets.

Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies, believes that both of these threats are significant in the African context as Android phone sales and banking inclusion continue to climb.

“As Bring Your Own Device (BYOD) continues to be a trend and smartphone penetration on the continent grows, companies are at an increased risk from HummingBad in particular, and other malware. Combined with the growth in malware family numbers overall, this represents a significant business risk. Enterprises of all sizes must educate themselves on the security threats they face and invest in solid measures to protect their networks and corporate data,” Rogers said.

In May, Sality, Virut and Conficker were the top malware families in Kenya, while Gamarue, Sality and Dorkbot featured in Nigeria’s top three. Internationally, Conficker was the most prominent malware family, accounting for 14 percent of recognised attacks. The top ten families were responsible for 60 percent of all recognised attacks around the world.

Check Point’s Threat Index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
