Thursday, 29 August 2019 12:42

McAfee warns of global malware resurgence, massive ransomware growth

Image: Stuart Miles, FreeDigitalPhotos.net

Security firm McAfee has uncovered what it says is a global malware resurgence, with new ransomware growing 118% as cybercriminals adopt new tactics and code innovations.

In its McAfee Labs Threats Report for August, McAfee says it saw an average of 504 new threats per minute in the first quarter of 2019 and a resurgence of ransomware along with changes in campaign execution and code.

The security firm also says that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter, with 68% of targeted attacks utilising spearphishing for initial access and 77% relying on user actions for campaign execution.

“The impact of these threats is very real,” said Raj Samani, McAfee fellow and chief scientist.

“It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyberattack, there is a human cost.” 

McAfee Advanced Threat Research (ATR) observed innovations in ransomware campaigns, with shifts in initial access vectors, campaign management and technical innovations in the code.

McAfee says that while spearphishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP).

“These credentials can be cracked through a brute-force attack or bought on the cybercriminal underground. RDP credentials can be used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks,” McAfee notes.

McAfee says its researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns versus the traditional approach of setting up command-and-control (C2) servers.

And McAfee says authorities and private partners often hunt for C2 servers to obtain decryption keys and create evasion tools – so the use of email services is perceived by threat actors to be a more anonymous method of conducting criminal business. 

The most active ransomware families of the quarter appeared to be Dharma (also known as Crysis), GandCrab and Ryuk. Other notable ransomware families of the quarter include Anatova - which was exposed by McAfee Advanced Threat Research before it had the opportunity to spread broadly - and Scarab, a persistent and prevalent ransomware family with regularly discovered new variants.

Overall, McAfee says new ransomware samples increased 118%.

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach,” said Christiaan Beek, McAfee lead scientist and senior principal engineer.

“Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project.”

McAfee lists Q1 2019 Threats Activity as:

Attack vectors. Malware led disclosed attack vectors, followed by account hijacking and targeted attacks.

Cryptomining. New coin mining malware increased 29%. McAfee ATR observed CookieMiner malware targeting Apple users, attempting to obtain bitcoin wallet credentials. As a byproduct, the malware also gained access to passwords and browsing data. Total coin mining malware samples grew 414% over the past four quarters.

Fileless malware. New JavaScript malware declined 13%, while total malware grew 62% over the past four quarters. New PowerShell malware increased 460% due to the use of downloader scripts. Total malware grew 76% over the past four quarters.

IoT. Cybercriminals continued to leverage lax security in IoT devices. New malware samples increased 10%; total IoT malware grew 154% over the past four quarters. 

Malware overall. New malware samples increased by 35%. New Mac OS malware samples declined by 33%.

Mobile malware. New mobile malware samples decreased 15%; total malware grew 29% over the past four quarters.

Security incidents. McAfee Labs counted 412 publicly disclosed security incidents, an increase of 20% from Q4. Thirty-two percent of all publicly disclosed security incidents took place in the Americas, followed by 13% in Europe and 13% in Asia-Pacific.

Regional Targets. Disclosed incidents targeting the Asia-Pacific region increased 126%, Americas declined nearly 3% and Europe decreased nearly 2%. 

Vertical industry activity. Disclosed incidents impacting individuals spiked 78%, education sector increased 50%, healthcare increased 18%, public sector decreased 10%, and financial sector increased 89%.

Targeted attacks. McAfee identified a high number of campaigns that effectively minimised the data reconnaissance required to successfully execute attacks. Actors primarily focused on large organisations in the Government/Administration sector, followed by Finance, Chemical, Defense, and Education sectors. Initial access was gained by spearphishing in 68% of attacks and 77% relied upon specific user actions for attack execution.

Underground. More than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter. The largest dark market, Dream Market, announced its plan to close, citing a large number of distributed denial of service (DDoS) attacks. Law enforcement successfully seized and closed operations of xDedic, one of the largest RDP shops reportedly selling access to approximately 70,000 hacked machines.


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
