[December 18, 2017]
McAfee Labs Report Sees Known Exploits and Fileless Malware Drive Record New Malware Surge
McAfee, one of the world's leading cybersecurity companies, today
released its McAfee Labs Threat Report: December 2017, examining the growth
and trends of new malware, ransomware, and other threats in Q3 2017.
McAfee Labs saw malware reach an all-time high of 57.6 million new
samples (four new samples per second), featuring developments such as new
fileless malware using malicious macros, a new version of Locky
ransomware dubbed Lukitus, and new variations of the banking Trojans
Trickbot and Emotet. Threats attempting to exploit Microsoft technology
vulnerabilities were very prominent despite the fact that the platform
vendor addressed these issues with patches as early as the first quarter
of 2017.
"The third quarter revealed that attackers' threat designs continue to
benefit from the dynamic, benign capabilities of platform technologies
like PowerShell, a reliable recklessness on the part of individual
phishing victims, and what seems to be an equally reliable failure of
organizations to patch known vulnerabilities with available security
updates," said Raj Samani, McAfee's Chief Scientist. "Although attackers
will always seek ways to use newly developed innovations and established
platforms against us, our industry perhaps faces a greater challenge in
the effort to influence individuals and organizations away from becoming
their own worst enemies."
Each quarter, McAfee Labs assesses the state of the cyber threat
landscape based on threat data gathered by the McAfee Global Threat
Intelligence cloud from hundreds of millions of sensors across multiple
threat vectors around the world. McAfee Advanced Threat Intelligence
complements McAfee Labs by providing in-depth investigative analysis of
cyberattacks from around the globe.
Known Vulnerabilities Exploited
The third quarter of 2017 saw cybercriminals continue to take advantage
of Microsoft Office vulnerabilities such as CVE-2017-0199, a
vulnerability within both Microsoft Office and WordPad that
allows remote code execution through specially crafted files. To execute
this attack, many took advantage of a tool available via GitHub offering
an easy route to creating a backdoor attack without complex
configuration.
New variations of the Trickbot banking Trojan featured code that
embedded the EternalBlue exploit responsible for the massive WannaCry
and NotPetya ransomware outbreaks in Q2. Despite Microsoft's continued
efforts to counter EternalBlue with security patches, the new Trickbot
authors still found the proven technique to be effective. They combined
it with new features such as cryptocurrency theft and new delivery
methods, and made these new Trickbot versions the most active banking
Trojans in Q3.
"Once vulnerabilities are discovered and disclosed 'into the wild,' or
the hacker community, they present a blueprint for malicious parties
seeking to develop sophisticated threats that exploit them," said Steve
Grobman, Chief Technology Officer at McAfee. "The year 2017 will be
remembered as the time when such vulnerabilities were exploited to
orchestrate large-scale cyber events, including the WannaCry and
NotPetya ransomware outbreaks, and high-profile breaches such as at
Equifax. Only by investing more in the discovery and remediation of
cyber vulnerabilities can technology vendors, governments, and business
enterprises hope to gain a step on the cybercriminals working furiously
to uncover and take advantage of them."
Fileless Threats
Fileless threats continued to be a growing concern in Q3, with
PowerShell malware growing by 119%. Very prominent in this category was
the Emotet banking Trojan, which spread around the world through large
spamming campaigns, and lured users into downloading Microsoft Word
documents. This act inadvertently activates a PowerShell macro that
downloads and installs the malware on their systems.
"Although many cyberattacks continue to rely on the exploitation of
basic security vulnerabilities, exposures, and user behaviors, fileless
threats leverage the utility of our own system capabilities," said
Vincent Weafer, Vice President for McAfee Labs. "By leveraging trusted
applications or gaining access to native system operating tools such as
PowerShell or JavaScript, attackers have made the development leap
forward to take control of computers without downloading any executable
files, at least in the initial stages of the attack."
Lukitus Ransomware
One of the key developments in the ransomware space was the emergence of
Lukitus, a new version of Locky ransomware. The ransomware was
distributed by more than 23 million spam emails within the first 24
hours of the attack. Overall in the category, new ransomware samples
increased by 36%. The number of total ransomware samples has grown 44%
in the past four quarters to 12.3 million samples.
DragonFly: New Industries, New Objectives
The McAfee Advanced Threat Research team found that DragonFly 2.0, the
malware discovered earlier in 2017 in the energy sector, has targeted
organizations beyond original discoveries, including the pharmaceutical,
financial services, and accounting industries. These attacks were
initiated through spear-phishing emails, luring recipients to click on
links that download the Trojan and provide attackers with network access.
"The actors involved in the DragonFly 2.0 attacks have a reputation for
initiating attacks for the purpose of conducting reconnaissance on the
inner workings of targeted sectors, with energy and pharmaceutical
confirmed as top priorities," said Christiaan Beek, McAfee Lead
Scientist and Principal Engineer. "The intellectual property and insider
insights they obtain upon gaining access to targeted sectors is of
tremendous economic value."
Q3 2017 Threat Activity
Security incidents. McAfee Labs counted 263 publicly disclosed
security incidents in Q3, a decrease of 15% from Q2. More than 60% of
all publicly disclosed security incidents in Q3 took place in the
Americas.
Vertical industry targets. The health and public sectors
accounted for more than 40% of total incidents in Q3.
- North America. Health sector attacks continued to lead vertical
  sectors in Q3 security incidents.
- Asia. Public sector, followed by technology and individual
  attacks, led in reported Q3 incidents.
- Europe, Oceania and Africa. Public sector attacks led reported
  Q3 incidents.
Attack vectors. Account hijacking led disclosed attack vectors,
followed by leaks, malware, DDoS, and targeted attacks.
Mobile malware. Total mobile malware continued to grow, reaching
21.1 million samples. New mobile malware increased by 60% from Q2,
largely due to a rapid increase in Android screen-locking ransomware.
Malware overall. New malware samples increased in Q3 to 57.5
million, a 10% increase. The total number of malware samples grew 27% in
the past four quarters to almost 781 million samples.
Fileless malware. While JavaScript malware growth slowed by 26%
in Q3, PowerShell malware more than doubled, growing by 119%.
Ransomware. New ransomware samples rose by 36% in Q3. The total
number of new ransomware samples grew 14% in the last quarter to 12.2
million samples.
Mac malware. Mac OS malware samples increased by 7% in Q3.
Macro malware. Total macro malware continued to grow, increasing
by 8% in Q3.
Spam campaigns. The Gamut botnet remained the most prevalent
spamming botnet during Q3, with the Necurs botnet a close second. Necurs
proliferated several Ykcol (Locky) ransomware campaigns throughout the
quarter with themes such as "Status Invoice," "Your Payment," and
"Emailing: [Random Numbers] JPG."
For more information on these threat trends and statistics, please visit:
About McAfee Labs
McAfee Labs is one of the world's leading sources for threat research,
threat intelligence, and cybersecurity thought leadership. With data
from hundreds of millions of sensors across key threat vectors (file,
web, and network), McAfee Labs delivers real-time threat intelligence,
critical analysis, and expert thinking to improve protection and reduce
risks. McAfee Labs also develops core threat detection technologies that
are incorporated into the broadest security product portfolio in the
industry.
About McAfee
McAfee is one of the world's leading independent cybersecurity companies.
Inspired by the power of working together, McAfee creates business and
consumer solutions that make the world a safer place.
McAfee technologies' features and benefits depend on system
configuration and may require enabled hardware, software, or service
activation. No computer system can be absolutely secure.
View source version on businesswire.com: http://www.businesswire.com/news/home/20171217005042/en/