Cryptocurrency mining on an upswing: Report
McAfee Labs has seen on average eight new threat samples per second and the increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.
Each quarter, McAfee Labs assesses the state of the cyber threat landscape based on threat data gathered by the McAfee Global Threat Intelligence cloud from hundreds of millions of sensors across multiple threat vectors around the world. McAfee Advanced Threat Research complements McAfee Labs by providing in-depth investigative analysis of cyber attacks from around the globe.
New Strategies, Tactics
Q4 2017 saw the rise of newly diversified cybercriminals, as a significant number of actors embraced novel criminal activities to capture new revenue streams. For instance, the spike in the value of Bitcoin prompted actors to branch out from moneymakers such as ransomware to the practice of hijacking Bitcoin and Monero wallets. McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.
Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432 per cent over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.
Health Care Targeted
Although publicly disclosed security incidents targeting health care decreased by 78 per cent in the fourth quarter of 2017, the sector experienced a dramatic 210 per cent overall increase in incidents in 2017. Through their investigations, McAfee Advanced Threat Research analysts conclude many incidents were caused by organisational failure to comply with security best practices or address known vulnerabilities in medical software.
McAfee Advanced Threat Research analysts looked into possible attack vectors related to health care data, finding exposed sensitive images and vulnerable software. Combining these attack vectors, analysts were able to reconstruct patient body parts and print three-dimensional models.
Q4 2017 Threats Activity
Fileless malware. In Q4 JavaScript malware growth continued to slow with new samples decreasing by 9 per cent, while new PowerShell malware more than tripled, growing 267 per cent.
Security incidents. McAfee Labs counted 222 publicly disclosed security incidents in Q4, a decrease of 15 per cent from Q3. 30 per cent of all publicly disclosed security incidents in Q4 took place in the Americas, followed by 14 per cent in Europe and 11 per cent in Asia.
Industry targets. Public, health care, education, and finance, respectively, led vertical sector security incidents for 2017.
Health care incidents rose by 210 per cent, fell just 78 per cent in Q4.
Public sector incidents decreased 15 per cent, down by 37 per cent in Q4.
Education incidents rose 125 per cent, remained stagnant in Q4.
Finance incidents rose 16 per cent, fell by just 29 per cent in Q4.
Regional Targets.
America rose 46 per cent, fell 46 per cent in Q4.
Asia rose 28 per cent, fell 58 per cent in Q4.
Europe rose 18 per cent, fell 20 per cent in Q4.
Oceania rose 42 per cent, fell 33 per cent in Q4.
Attack vectors. In Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, distributed denial of service, and code injection.
Ransomware. The fourth quarter saw notable industry and law enforcement successes against criminals responsible for ransomware campaigns. New ransomware samples grew 59 per cent over the last four quarters, while growth in new ransomware samples rose 35 per cent in Q4. The total number of ransomware samples increased 16 per cent in the last quarter to 14.8 million samples.