Eight new cyber threat samples emerging per second

There has been a record increase in healthcare attacks, fileless malware and cryptocurrency mining, according to a new report by McAfee Labs.

The McAfee Labs Threats Report: March 2018 examined the growth and trends of new malware, ransomware and other threats in Q4 2017.

McAfee Labs saw on average eight new threat samples per second, as well as an increase in the use of fileless malware attacks leveraging Microsoft PowerShell.

The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.

“The fourth quarter was defined by rapid cybercriminal adoption of newer tools and schemes — fileless malware, cryptocurrency mining and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, McAfee Fellow and Chief Scientist.

Each quarter, McAfee Labs assesses the state of the cyber threat landscape based on threat data gathered by the McAfee Global Threat Intelligence cloud from hundreds of millions of sensors across multiple threat vectors around the world.

The fourth quarter of 2017 saw the rise of newly diversified cybercriminals, as a significant number of actors embraced novel criminal activities to capture new revenue streams. McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.

Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432% over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.

Although publicly disclosed security incidents targeting health care decreased by 78% in the fourth quarter of 2017, the sector experienced a dramatic 210% overall increase in incidents in 2017. Through their investigations, McAfee Advanced Threat Research analysts concluded many incidents were caused by organisational failure to comply with security best practices or address known vulnerabilities in medical software.

McAfee Advanced Threat Research analysts looked into possible attack vectors related to healthcare data, finding exposed sensitive images and vulnerable software. Combining these attack vectors, analysts were able to reconstruct patient body parts and print three-dimensional models.

“Health care is a valuable target for cybercriminals who have set aside ethics in favour of profits,” said McAfee Lead Scientist and Senior Principal Engineer Christiaan Beek.

“Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware and more.”

Notable findings from the report include:

• In Q4 JavaScript malware growth continued to slow with new samples decreasing by 9%, while new PowerShell malware more than tripled, growing 267%.
• McAfee Labs counted 222 publicly disclosed security incidents in Q4, a decrease of 15% from Q3.
• Disclosed incidents in the Oceania region rose 42% in 2017, falling 33% in Q4.
• In Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, distributed denial of service and code injection.
• New ransomware samples grew 59% over the last four quarters, while new ransomware samples growth rose 35% in Q4. The total number of ransomware samples increased 16% in the last quarter to 14.8 million samples.
• In 2017 total mobile malware experienced a 55% increase, while new samples declined by 3%.
• New malware samples increased in Q4 by 32%. The total number of malware samples grew 10% in the past four quarters.
• 97% of spam botnet traffic in Q4 was driven by Necurs — recent purveyor of ‘lonely girl’ spam, pump-and-dump stock spam and Locky ransomware downloaders — and by Gamut, a sender of job offer-themed phishing and money mule recruitment emails.

Image credit: ©lollo/Dollar Photo Club

Follow us on Twitter and Facebook