Infect and collect: Cryptomining surges
Criminals continued to adopt crypto mining to easily monetise their criminal activity. This category of coin miner malware grew a stunning 629 per cent in Q1 2018. The Lazarus cybercrime ring launched a Bitcoin stealing phishing campaign. The total num
McAfee Labs saw on average five new threat samples every second, including growth in crypto jacking and other cryptocurrency mining malware, and notable campaigns demonstrating a deliberate drive to technically improve upon the most sophisticated established attacks of 2017. Their report, McAfee Labs Threats Report: June 2018 was published last week. “There were new revelations this quarter concerning complex nation- state cyber- attack campaigns targeting users and enterprise systems worldwide,” said Raj Samani, chief scientist at McAfee. “Bad actors demonstrated a remarkable level of technical agility and innovation in tools and tactics. Criminals continued to adopt cryptocurrency mining to easily monetise their criminal activity.”
Cybercriminals extended their operations in crypto jacking and other cryptocurrency mining schemes, where perpetrators hijack victims” browsers or infect their systems to secretly use them to mine for legitimate cryptocurrencies such as Bitcoin. This category of coin miner malware grew a stunning 629 per cent in Q1 2018, rocketing from around 400,000 total known samples in Q4 2017 to more than 2.9m the next quarter.
This suggests that cybercriminals are continuing to warm to the prospect of simply infecting users’ systems and collecting payments without having to rely on third parties to monetise their crimes.
“Cybercriminals will gravitate to criminal activity that maximises their profit,” said Steve Grobman, chief technology officer at McAfee. “In recent quarters we have seen a shift to ransomware from datatheft, as ransomware is a more efficient crime.
With the rise in the value of cryptocurrencies, the market forces are driving criminals to cryptojacking and the theft of cryptocurrency.”
BITCOIN- STEALING:
The Lazarus cybercrime ring launched a highly sophisticated Bitcoinstealing phishing campaign— HaoBao— which targeted global financial organizations and Bitcoin users. When recipients open malicious email attachments, an implant would scan for Bitcoin activity and establishes an implant for persistent data gathering and crypto mining.
GOLD DRAGON: ATTACKS
ON SOUTH KOREA In January, McAfee Advanced Threat Research reported an attack targeting organisations involved in the Pyeongchang Winter Olympics in South Korea. The attack was executed via a malicious Microsoft Word attachment containing a hidden PowerShell implant script. The script was embedded within an image file and executed from a remote server.
Dubbed Gold Dragon, the resulting fileless implant encrypted stolen data, sent the data to the attackers” command and control servers, performed reconnaissance functions, and monitored anti- malware solutions to evade them.
BANKSHOT, GHOSTSECRET:
Operation GhostSecret targeted the healthcare, finance, entertainment, and telecommunications sectors. Operation GhostSecret is believed to be associated with the international cybercrime group known as Hidden Cobra. The campaign, which employs a series of implants to appropriate
data from infected systems, is also characterised by its ability to evade detection and throw forensic investigators off its trail.
The latest Bankshot variation of GhostSecret uses an embedded Adobe Flash exploit to enable the execution of implants. It also incorporates elements of the Destover malware, which was used in the 2014 Sony Pictures attack, and the Proxysvc implant, a previously undocumented implant that has operated undetected since mid- 2017. SECURITY INCIDENTS BY INDUSTRY:
McAfee Labs counted 313 publicly disclosed security incidents in Q1 2018, a 41 per cent increase over Q4. Incidents involving multiple sectors ( 37) and those targeting multiple regions ( 120) were the leading types of incidents in Q1.
Healthcare segment disclosed a 47 per cent rise, while education and finance declared 40 per cent and 39 per cent rise respectively. In Q1 2018, McAfee Labs recorded, on average, five new malware samples per second, including threats showing notable technical developments improving upon the latest successful technologies and tactics to outmaneuver their targets” defenses. The total number of malware samples grew 37 per cent in the past four quarters to more than 734 million samples.
MOBILE MALWARE:
Total known malware samples grew 42 per cent in the past four quarters. Global infections of mobile devices fell by 2 per cent; Africa reported the highest rate, at 15 per cent.