TMCnet News
McAfee Labs Report Sees Cyberattacks Target Healthcare and Social Media Users

McAfee Inc. today released its McAfee Labs Threats Report: September 2017, which examines the rise of script-based malware, suggests five proven threat hunting best practices, provides an analysis of the recent WannaCry and NotPetya ransomware attacks, assesses reported attacks across industries, and reveals growth trends in malware, ransomware, mobile malware, and other threats in Q2 2017. McAfee Labs saw healthcare surpass public sector to report the greatest number of security incidents in Q2, while the Faceliker Trojan helped drive the quarter's 67% increase in new malware samples from the social media landscape.

The second quarter of 2017 saw Facebook emerge as a notable attack vector, with Faceliker accounting for as much as 8.9% of the quarter's 52 million newly detected malware samples. This Trojan infects a user's browser when she visits malicious or compromised websites. It then hijacks her Facebook "likes" and promotes the content without her knowledge or permission. Doing so at scale can earn money for the malicious parties behind Faceliker, given that the hijacked clicks can make a news article, video, website or ad appear more popular or trusted than it truly is.

"Faceliker leverages and manipulates the social media and app-based communications we increasingly use today," said Vincent Weafer, Vice President for McAfee Labs. "By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future."

McAfee Labs' quarterly analysis of publicly disclosed security incidents found public sector to be the most impacted North American sector over the last six quarters, but healthcare overtook it in Q2 with 26% of incidents.
While overall healthcare data breaches are most likely the result of accidental disclosures and human error, cyberattacks on the sector continue to increase. The trend began in the first quarter of 2016, when numerous hospitals around the world sustained ransomware attacks. The attacks paralyzed several departments and, in some cases, the hospitals had to transfer patients and postpone surgeries.

"Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organizations in the sector possess," Weafer continued. "They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information."

Q2 2017 Threat Activity

In the second quarter of 2017, the McAfee Labs Global Threat Intelligence network registered notable trends in cyber threat growth and cyberattack incidents across industries:
Upon Further Review: WannaCry and NotPetya

McAfee's analysis of the WannaCry and NotPetya attacks builds on the organization's previous research by providing more insight into how the attacker creatively combined a set of relatively simple tactics, melding a vulnerability exploit, proven ransomware, and familiar worm propagation. McAfee notes that both attack campaigns lacked the payment and decryption capabilities to successfully extort victims' ransoms and unlock their systems.

"It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made," said Raj Samani, Chief Scientist for McAfee. "However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money. Welcome to the world of pseudo-ransomware."

For more on these takeaways, please visit our blog titled "More Effective at Destruction than Ransomware."

The Rise of Script-Based Malware

McAfee researchers also profile the notable increase in script-based malware over the last two years. The Microsoft scripting language PowerShell is used to automate administration tasks such as running background commands, checking services installed on the system, terminating processes, and managing configurations of systems and servers. Malicious PowerShell scripts usually arrive on a user's machine through spam emails, gaining a foothold through social engineering rather than software vulnerabilities, and then leveraging the scripts' capabilities to compromise the system.

The script-based malware trend also includes the weaponization of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.
Threat Hunting Best Practices

The September report also suggests techniques to help threat hunters spot the presence of adversaries in their environment. Starting with the principles of what McAfee's Foundstone group calls the "three big knows" ("know the enemy, know your network, know your tools"), the report offers best practices for hunting for command and control, persistence, privilege escalation, lateral movement, and exfiltration.

"One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organization's preventive security measures," said Ismael Valenzuela, Principal Engineer, Threat Hunting and Security Analytics at McAfee. "Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach."

For guidance on how organizations can better protect their enterprises from the threats detailed in this quarter's report, visit Enterprise Blog.

About McAfee Labs

McAfee Labs is one of the world's leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors (file, web, and network), McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks. McAfee Labs also develops core threat detection technologies that are incorporated into the broadest security product portfolio in the industry.

About McAfee

McAfee is one of the world's leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. www.mcafee.com

McAfee and the McAfee logo are trademarks of McAfee LLC in the United States and other countries. *Other names and brands may be claimed as the property of others.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170925006519/en/