McAfee Catalogs 478 New Cyber Threats Every Minute, 8 Every Second

March 2018 by McAfee Labs

McAfee, the device-to-cloud cybersecurity company, released its McAfee Labs
Threats Report: March 2018, examining the growth and trends of new malware,
ransomware, and other threats in Q4 2017. McAfee Labs
saw on average eight new threat samples per second, and the increasing use of
fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in
Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking
through a variety of methods, including malicious Android apps.

"The fourth quarter was defined by rapid cybercriminal adoption of newer tools
and schemes: fileless malware, cryptocurrency mining, and steganography. Even
tried-and-true tactics, such as ransomware campaigns, were leveraged beyond
their usual means to create smoke and mirrors to distract defenders from actual
attacks," said Raj Samani, McAfee Fellow and Chief Scientist. "Collaboration and
liberalized information-sharing to improve attack defenses remain critically
important as defenders work to combat escalating asymmetrical cyberwarfare."

Each quarter, McAfee Labs assesses the state of the cyber threat landscape based
on threat data gathered by the McAfee Global Threat Intelligence cloud from
hundreds of millions of sensors across multiple threat vectors around the world.
McAfee Advanced Threat Research complements McAfee Labs by providing in-depth
investigative analysis of cyberattacks from around the globe.

Cybercriminals Take On New Strategies, Tactics

The fourth quarter of 2017 saw the rise of newly diversified cybercriminals, as
a significant number of actors embraced novel criminal activities to capture new
revenue streams. For instance, the spike in the value of Bitcoin prompted
actors to branch out from moneymakers such as ransomware, to the practice of
hijacking Bitcoin and Monero wallets. McAfee researchers discovered Android apps
developed exclusively for the purpose of cryptocurrency mining and observed
discussions in underground forums suggesting Litecoin as a safer model than
Bitcoin, with less chance of exposure.

Cybercriminals also continued to adopt fileless malware leveraging Microsoft
PowerShell, which surged 432% over the course of 2017, as the threat category
became a go-to toolbox. The scripting language was used within Microsoft Office
files to execute the first stage of attacks.

"By going digital along with so many other things in our world, crime has become
easier to execute, less risky and more lucrative than ever before," said Steve
Grobman, Chief Technology Officer for McAfee. "It should be no surprise to see
criminals focusing on stealthy fileless PowerShell attacks, low risk routes to
cash through cryptocurrency mining, and attacks on soft targets such as
hospitals."

Health Care Targeted

Although publicly disclosed security incidents targeting health care decreased
by 78% in the fourth quarter of 2017, the sector experienced a dramatic 210%
overall increase in incidents in 2017. Through their investigations, McAfee
Advanced Threat Research analysts conclude many incidents were caused by
organizational failure to comply with security best practices or address known
vulnerabilities in medical software.

McAfee Advanced Threat Research analysts looked into possible attack vectors
related to health care data, finding exposed sensitive images and vulnerable software.
Combining these attack vectors, analysts were able to reconstruct patient body
parts, and print three-dimensional models.

"Health care is a valuable target for cybercriminals who have set aside ethics
in favor of profits," said Christiaan Beek, McAfee Lead Scientist and Senior
Principal Engineer. "Our research uncovered classic software failures and
security issues such as hardcoded embedded passwords, remote code execution,
unsigned firmware, and more. Both health care organizations and developers
creating software for their use must be more vigilant in ensuring they are up to
date on security best practices."

Q4 2017 Threats Activity

· Fileless malware. In Q4 JavaScript malware growth continued to slow with new
samples decreasing by 9%, while new PowerShell malware more than tripled,
growing 267%.
· Security incidents. McAfee Labs counted 222 publicly disclosed security
incidents in Q4, a decrease of 15% from Q3. 30% of all publicly disclosed
security incidents in Q4 took place in the Americas, followed by 14% in Europe
and 11% in Asia.
· Vertical industry targets. Public, health care, education, and finance,
respectively, led vertical sector security incidents for 2017.
· Attack vectors. In Q4 and 2017 overall, malware led disclosed attack
vectors, followed by account hijacking, leaks, distributed denial of service,
and code injection.
· Ransomware. The fourth quarter saw notable industry and law enforcement
successes against criminals responsible for ransomware
(https://securingtomorrow.mcafee.com/mcafee-labs/advanced-threat-research/)
campaigns. New ransomware samples grew 59% over the last four
quarters, while new ransomware samples growth rose 35% in Q4. The total number
of ransomware samples increased 16% in the last quarter to 14.8 million samples.
· Mobile malware. New mobile malware decreased by 35% from Q3. In 2017 total
mobile malware experienced a 55% increase, while new samples declined by 3%.
· Malware overall. New malware samples increased in Q4 by 32%. The total
number of malware samples grew 10% in the past four quarters.
· Mac malware. New Mac OS malware samples increased by 24% in Q4. Total Mac OS
malware grew 58% in 2017.
· Macro malware. New macro malware increased by 53% in Q4, declined by 35% in
2017.
· Spam campaigns. 97% of spam botnet
(https://securingtomorrow.mcafee.com/mcafee-labs/necurs-botnet-leads-the-world-in-sending-spam-traffic)
traffic in Q4 was driven by Necurs (recent purveyor of "lonely girl" spam,
pump-and-dump stock spam, and Locky ransomware downloaders) and by Gamut
(sender of job offer-themed phishing and money mule recruitment emails).

