Check Point Software has released its Most Wanted Malware blog for April. It warns IT admins that they need to do more to get their house in order, and shows that cryptomining attacks continue to dominate the top ten attacks for the fourth consecutive month.
The success of these attacks is shown in the values of cryptocurrencies. The major currencies ended April higher than they started despite the uncertainty in the market. As long as prices hold up, hackers will continue to push cryptomining attacks.
What is particularly worrying here is that attacks against server hardware are growing. Check Point researchers noted that the majority of attacks used unpatched vulnerabilities in Microsoft and Oracle software. The two biggest software problems are Microsoft Windows Server 2003 (CVE-2017-7269) and Oracle WebLogic (CVE-2017-10271).
The Oracle vulnerability was listed as the top Most Wanted vulnerability in March. It has dropped to second this month, with the Windows Server 2003 R2 attack taking first place. Patches for both vulnerabilities have been available for over six months.
Both products are widely used. Check Point reported that 46% of organisations around the world were targeted by the Windows Server 2003 attacks. Attacks against the Oracle software were only just behind at 40%. Administrators need to do more to migrate workloads or find other ways of protecting these products.
Top 10 malware in April
Coinhive, which mines Monero, has retained its position as the most wanted malware in April. It took over the number one slot in December 2017 and shows no sign of relinquishing it.
Cryptoloot has regained its place as the second most wanted malware.
Roughted, the malvertising software, continues its run in the top five and climbs back up the charts into third place this month.
Jsecoin, which is used by some sites as an alternative to advertising revenue, climbs back to fourth.
Andromeda rounds out the top five, climbing two places from March.
What does this mean?
There are two things here that are worth mentioning. Despite the wild ride that cryptocurrencies have experienced, they are still valuable. Hackers see them as easy money as they don’t have to pay for the resources to mine them.
The second is that patching issues continue. For many organisations it is not as easy as saying patch or die. The existing IT team may not have a complete asset register that lists where they can find the servers. In addition, many of them are likely to be running critical business processes and there will be concerns over patching them in case they fail.
Both of these point to a serious problem for enterprise customers. Few large enterprises have a complete list of all their business assets. The number of non-IT controlled assets has grown considerably over the last few years. This means that IT departments need to be given access to proper asset management tools. Without these they cannot locate assets and then patch them. It is also time that software on Windows Server 2003 was moved to later and more secure versions of the operating system. If that cannot be done, the servers should be moved to a location where they are less likely to be found and attacked.