
McAfee Labs Sees Cryptocurrency Mining Surge Continue

September 2018 by McAfee Labs

McAfee released its McAfee Labs Threats Report: September 2018, examining the
growth and trends of new cyber threats in Q2 2018. In the second quarter, McAfee
Labs saw the surge in cryptomining malware growth that began in Q4 2017 continue
through the first half of 2018. McAfee also saw the continued adaptation of the
type of malware vulnerability exploits used in the WannaCry and NotPetya
outbreaks of 2017.

Although less common than ransomware, cryptomining malware has quickly emerged
as a factor on the threat landscape. After reaching around 400,000 new samples
in the fourth quarter of 2017, new cryptomining malware samples grew a stunning
629% to more than 2.9 million samples in Q1 2018. This trend continued in Q2 as
total samples grew by 86%, with more than 2.5 million new samples. McAfee Labs
has even identified what appear to be older malware, such as ransomware, newly
retooled with mining capabilities.

In some cases, cryptomining targets specific groups rather than a broad field of
potential victims. One cryptomining malware strain has targeted gamers on a
Russian forum by posing as a "mod" claiming to enhance popular games. Gamers
were tricked into downloading the malicious software, which proceeded to use
their computer resources for profit.

While cryptomining malware primarily targets PCs, other devices have become
victims. For instance, Android phones in China and Korea have been exploited by
the ADB.Miner malware into producing Monero cryptocurrency for its perpetrators.

"A few years ago, we wouldn’t think of internet routers, video-recording
devices, and other Internet of Things devices as platforms for cryptomining
because their CPU speeds were insufficient to support such productivity,"
said Christiaan Beek, Lead Scientist and Senior Principal Engineer with McAfee
Advanced Threat Research. "Today, the tremendous volume of such devices online
and their propensity for weak passwords present a very attractive platform for
this activity. If I were a cybercriminal who owns a botnet of 100,000 such IoT
devices, it would cost me next to nothing financially to produce enough
cryptocurrency to create a new, profitable revenue stream."

Vulnerability Exploit Malware

A year after the outbreaks of the WannaCry and NotPetya attacks, new malware
samples specifically designed to exploit software vulnerabilities increased by
151% in Q2. McAfee saw the exploits from these two high-profile threats
repurposed within new malware strains, and newly discovered vulnerability
exploits similarly adapted to produce entirely new threats.

"WannaCry and NotPetya provided cybercriminals compelling examples of how
malware could use vulnerability exploits to gain a foothold on systems and then
quickly propagate across networks," Beek continued. "It’s still surprising to
see numerous vulnerabilities from as far back as 2014 used successfully to
spearhead attacks, even when there have been patches available for months and
years to deflect exploits. This is a discouraging testament to the fact that
users and organizations still must do a better job of patching vulnerabilities
when fixes become available."

Windows 10 Cortana Vulnerabilities

McAfee Labs and the Advanced Threat Research team discovered a vulnerability in
the Cortana voice assistant in Microsoft Windows 10. The flaw, for which
Microsoft released a patch in June, could have allowed attackers to execute code
from the locked screen of a fully patched Windows 10 machine (RS3 and RS4 before
the June patch). McAfee’s research covered three attack vectors, which Microsoft
combined into a single advisory, CVE-2018-8140. McAfee submitted the
vulnerability to Microsoft in April as part of McAfee’s responsible disclosure
policy.

Billing-Fraud Apps on Google Play

The McAfee Mobile Research team found a new billing-fraud campaign of at least
15 apps on Google Play. The new campaign demonstrates that cybercriminals keep
finding new ways to steal money from victims using apps on official stores such
as Google Play. The actors behind this campaign, the AsiaHitGroup Gang, have
been active since at least late 2016 with the distribution of the fake-installer
applications Sonvpay.A, which attempted to charge at least 20,000 victims,
primarily in Thailand and Malaysia, for the download of copies of popular
applications. One year later, in November 2017, the Sonvpay.B campaign was
discovered on Google Play. Sonvpay.B used IP address geolocation to confirm the
country of the victim and added Russian victims to the billing fraud to increase
its potential to steal money from unsuspecting users.

Blockchain Security Threats

McAfee Advanced Threat Research identified top security threats to users and
implementers of blockchain technologies. The researchers’ analysis found that
phishing, malware, and implementation vulnerabilities are the primary attack
vectors.

Other Q2 2018 Threat Activity

In Q2 2018, McAfee Labs detected five new threats a second, including new
threats showing notable technical developments that improve upon the latest
successful technologies and tactics to outmaneuver their targets’ defenses.

- Ransomware. The total number of ransomware samples continues to grow,
increasing 57% over the past four quarters. Although the appearance of new
ransomware families has slowed overall in recent quarters, McAfee also saw
established ransomware families spawn new variants. For instance, McAfee saw a
dozen new variants of the Scarab ransomware family appear in Q2 alone. These
newcomers account for more than 50% of the total number of known Scarab variants
identified since the family’s appearance in mid-2017.

- Mobile malware. New mobile malware samples increased 27% in Q2; this is the
second successive quarter of growth. McAfee customers in South America reported
the highest rate of infection, at 14%. Total mobile malware grew 42% in the past
four quarters.

- JavaScript malware. A 204% increase in new samples suggests that hackers
have shifted to a new generation of JavaScript malware. After decreasing
significantly over the previous three quarters, JavaScript malware accounted for
more than 7 million new samples in Q2, a record high, up from around 2 million
in Q1.

- LNK malware. While PowerShell has been popular among fileless malware
developers in recent quarters, growth in new PowerShell samples slowed to 15%.
New LNK malware, however, continues to grow, as cybercriminals increasingly use
.lnk shortcut files to surreptitiously deliver malicious PowerShell scripts and
other malware. Total samples in the category have increased 489% over the past
four quarters.

- Spam botnets. The Gamut spam botnet outpaced all others in Q2. Most
notably, it pushed high volumes of "Canada Revenue Agency" phishing scams.
Notable recent campaigns were related to bogus employment offers, which are
commonly used as a "money mule" recruitment tactic.
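The LNK item above describes shortcut files used as a delivery vehicle for PowerShell. A defender can triage such files offline because the command a shortcut runs is stored in the clear in its StringData section (MS-SHLLINK). The script below is an added example, not code from McAfee or from the report: it parses the Shell Link header and string fields, then flags shortcuts whose target is PowerShell and whose arguments carry switches typical of loaders (encoded command, hidden window, profile or execution-policy suppression). The two sample shortcuts, the `build_lnk` helper that constructs them, and the `QUJD` base64 placeholder are all constructed for this example.

```python
import re
import struct
from typing import Dict, List, Optional

# ShellLinkHeader constants from the MS-SHLLINK specification.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits that decide which optional structures follow the 76-byte header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields always appear in this order, each present only if its flag is set.
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

# Switch patterns that are common in shortcut-delivered PowerShell loaders and
# rare in user-created shortcuts (constructed list; powershell.exe accepts these
# abbreviations, e.g. -e/-ec for -EncodedCommand, -w for -WindowStyle).
ARGUMENT_INDICATORS = [
    ("encoded command", re.compile(r"(?:^|\s)-e(?:ncodedcommand|nc|c)?\s+\S", re.I)),
    ("hidden window", re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.I)),
    ("profile suppressed", re.compile(r"(?:^|\s)-no(?:profile|p)\b", re.I)),
    ("execution policy bypass", re.compile(r"(?:^|\s)-e(?:xecutionpolicy|x|p)\s+bypass\b", re.I)),
]


def parse_lnk(data: bytes) -> Dict[str, object]:
    """Parse the header and StringData of a .lnk file; returns flags plus the string fields."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:            # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    result: Dict[str, object] = {"flags": flags}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        result[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return result


def assess_lnk(data: bytes) -> Dict[str, object]:
    """Report whether the shortcut launches PowerShell and which loader-like switches it carries."""
    info = parse_lnk(data)
    target = (str(info.get("relative_path", "")) + " " + str(info.get("name", ""))).lower()
    args = str(info.get("arguments", ""))
    launches_ps = ("powershell" in target or "pwsh" in target
                   or re.search(r"\b(powershell|pwsh)\b", args, re.I) is not None)
    indicators = [label for label, pattern in ARGUMENT_INDICATORS if pattern.search(args)]
    return {"launches_powershell": launches_ps, "indicators": indicators, "arguments": args}


def is_suspicious(data: bytes) -> bool:
    """Flag only shortcuts that run PowerShell *and* show at least one loader indicator."""
    verdict = assess_lnk(data)
    return bool(verdict["launches_powershell"]) and bool(verdict["indicators"])


def build_lnk(relative_path: str, arguments: Optional[str] = None) -> bytes:
    """Build a minimal Unicode .lnk; used here only to construct offline test data."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | IS_UNICODE
    if arguments is not None:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20,        # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,     # Creation/Access/Write FILETIMEs
                         0, 0, 1,     # FileSize, IconIndex, ShowCommand (SW_SHOWNORMAL)
                         0, 0, 0, 0)  # HotKey, Reserved1..3

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = struct.pack("<H", 2) + b"\x00\x00"      # IDList holding only the TerminalID
    body += string_data(relative_path)
    if arguments is not None:
        body += string_data(arguments)
    body += struct.pack("<I", 0)                   # ExtraData terminal block
    return header + body


# Constructed samples: a plain Notepad shortcut and one shaped like a PowerShell
# loader. "QUJD" is a placeholder blob (base64 of "ABC"), not a real payload.
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe")
LOADER_LNK = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                       "-NoProfile -WindowStyle Hidden -EncodedCommand QUJD")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("loader-like", LOADER_LNK)):
        print(label, assess_lnk(blob), "SUSPICIOUS" if is_suspicious(blob) else "clean")
```

The parser deliberately stops at StringData and ignores LinkInfo and ExtraData beyond skipping them; for real triage of mail attachments or user profiles, feed `assess_lnk` the raw bytes of each `.lnk` found and treat a `launches_powershell` hit with no indicators as worth a look rather than an alert, since administrators do ship legitimate PowerShell shortcuts.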
