McAfee, one of the leading cybersecurity companies, released its Threat Report for December 2017. The report identifies the growth and trends of the latest malware, ransomware and malicious cyber threats in Q3 2017.
According to the report, the count of new malware samples in Q3 reached 57.6 million, an increase of 10% from Q2. With this, the total count in the McAfee Labs sample database has now reached more than 780 million. The potential reason behind this increase is the availability of exploit kits and dark web sources.
“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.
Among industries, the health and public sectors were the worst affected, accounting for more than 40% of the total incidents.
Account hijacking, followed by leaks, malware and DDoS, were the top attack vectors.
Total mobile malware was found to be increasing, reaching 2.1 million samples, with a 60% increase in new mobile malware, probably due to Android screen-locking ransomware.
Attackers are taking advantage of known vulnerabilities, such as CVE-2017-0199 in Microsoft Office.
The report identified new variations of the Trickbot banking Trojan that featured code embedding the EternalBlue exploit. EternalBlue was the exploit behind the massive WannaCry and NotPetya ransomware attacks in Q2.
Despite Microsoft’s security patches, attackers were able to combine the known vulnerability with other features like cryptocurrency theft, making these Trickbot versions among the most active banking Trojans during Q3.
“The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax,” said Steve Grobman, Chief Technology Officer at McAfee.
Fileless threats were also identified as a growing concern in Q3, including high growth in PowerShell malware (up to 119%). The Emotet banking Trojan was one of the most prominent fileless threats.
In the ransomware space, Lukitus ransomware, a new version of Locky ransomware, was distributed via more than 23 million spam emails within the first 24 hours of the attack.
The research team at McAfee also found that the DragonFly 2.0 malware, which was discovered in early 2017, has affected organizations that were not made public, including pharmaceutical, accounting and financial services.
“The actors involved in the DragonFly 2.0 attacks have a reputation for initiating attacks for the purpose of conducting reconnaissance on the inner workings of targeted sectors—with energy and pharmaceutical confirmed as top priorities,” said Christiaan Beek, McAfee Lead Scientist and Principal Engineer.
Find the complete report here.