McAfee released its McAfee Labs Threats Report: March 2018, examining the growth and trends of new malware, ransomware, and other threats in Q4 2017.
The company saw on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell.
The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.
The report revealed a 211 percent rise in disclosed security incidents which were related to health care experiences in 2017. while fileless malware leveraging Microsoft’s PowerShell software increased to 267 percent in the fourth quarter of the previous year with cybercriminals following the money which is seen in cryptocurrency mining.
“The fourth quarter was defined by rapid cybercriminal adoption of newer tools and schemes—fileless malware, cryptocurrency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, McAfee Fellow and Chief Scientist. “Collaboration and liberalised information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyberwarfare.”
According to the cybersecurity firm, the fourth quarter of 2017 saw the rise of newly diversified cybercriminals, as a significant number of actors embraced novel criminal activities to capture new revenue streams. For instance, the spike in the value of Bitcoin prompted actors to branch out from moneymakers such as ransomware, to the practice of hijacking Bitcoin and Monero wallets.
McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.
Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432 percent over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.
“By going digital along with so many other things in our world, crime has become easier to execute, less risky and more lucrative than ever before,” said Steve Grobman, Chief Technology Officer for McAfee. “It should be no surprise to see criminals focusing on stealthy fileless PowerShell attacks, low risk routes to cash through cryptocurrency mining, and attacks on soft targets such as hospitals.”
The study also revealed that although publicly disclosed security incidents targeting healthcare decreased by 78 percent in the fourth quarter of 2017, the sector experienced a dramatic 210 percent overall increase in incidents in 2017. Through their investigations, McAfee Advanced Threat Research analysts conclude many incidents were caused by organisational failure to comply with security best practices or address known vulnerabilities in medical software.
McAfee Advanced Threat Research analysts looked into possible attack vectors related to healthcare data, finding exposed sensitive images and vulnerable software. Combining these attack vectors, analysts were able to reconstruct patient body parts, and print three-dimensional models.