Cybersecurity firm McAfee is recording about 478 new cyber threats every minute, and the latest surge in attacks comes in the form of health care fraud, fileless malware, and cryptocurrency mining.
McAfee Labs’ Threat Report for March reveals a 211 percent increase in disclosed security incidents in the health care sector in 2017. Fileless malware leveraging Microsoft’s PowerShell software rose 267 percent in the fourth quarter of 2017, and cybercriminals are following the money into cryptocurrency mining.
New ransomware grew 35 percent in 2017, while mobile malware actually dropped by 35 percent. And new Mac OS malware increased 24 percent in the fourth quarter of 2017.
The report examines the growth and trends of new malware, ransomware, and other threats in Q4 2017. McAfee Labs saw on average eight new threat samples per second and increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.
“The fourth quarter was defined by rapid cybercriminal adoption of newer tools and schemes — fileless malware, cryptocurrency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, McAfee fellow and chief scientist, in a statement. “Collaboration and liberalized information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyber warfare.”
Each quarter, McAfee Labs assesses the state of the cyber threat landscape based on threat data gathered by the McAfee Global Threat Intelligence cloud from hundreds of millions of sensors across multiple threat vectors around the world.
The fourth quarter of 2017 saw the rise of newly diversified cybercriminals, the report said, as a significant number of actors embraced novel criminal activities to capture new revenue streams.
For instance, the spike in the value of Bitcoin prompted an expansion from traditional moneymakers like ransomware into hijacking Bitcoin and Monero wallets. McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.
Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432 percent over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.
“By going digital, along with so many other things in our world, crime has become easier to execute, less risky, and more lucrative than ever before,” said Steve Grobman, chief technology officer for McAfee, in a statement. “It should be no surprise to see criminals focusing on stealthy fileless PowerShell attacks, low-risk routes to cash through cryptocurrency mining, and attacks on soft targets such as hospitals.”
Although publicly disclosed security incidents targeting health care decreased by 78 percent in the fourth quarter of 2017, the sector experienced a dramatic 210 percent overall increase in incidents in 2017. Through their investigations, McAfee Advanced Threat Research analysts concluded that many incidents were caused by organizational failure to comply with security best practices or to address known vulnerabilities in medical software.
The report also looked at attack vectors. In Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, distributed denial of service, and code injection.
The fourth quarter saw notable industry and law enforcement successes against criminals responsible for ransomware campaigns. New ransomware samples grew 59 percent over the last four quarters, while new ransomware samples rose 33 percent in Q4.
Bitcoin miners use computing power to unlock new cryptocurrency, but it takes more and more computing power to do that as Bitcoin reaches maturity. Since miners need an increasing amount of computing power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices to mine for Bitcoin.
McAfee said this recently happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when users logged into the cafe’s Wi-Fi network. The malware authors were using this time to access the users’ laptops for mining.
In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. In fact, this has become such a widespread problem that over 1 billion devices are believed to be slowed down by web-based mining. And slowing your device down is not even the worst thing that could happen. A device that is “cryptojacked” could have 100 percent of its resources used for mining, causing the device to overheat and essentially destroying it, McAfee said.