
McAfee Report: Healthcare Attacks, Fileless Malware, Cryptocurrency Mining Spiked in Q4 2017

McAfee CTO Steve Grobman
McAfee Chief Scientist Raj Samani

Cyber crooks are getting smarter, more inventive and diversifying their attack portfolios, security expert McAfee said in a newly released threat report for Q4 2017 that tracks malware, ransomware and other security menaces during the period.

Among the contributing factors to a substantial rise in cyber hacking frequency and severity is a spike in cryptocurrency value during Q4 2017, which attracted cyber criminals like hornets to a nest. As expected, McAfee's data showed there's a lot of gloom out there:

  • Fileless malware leveraging Microsoft PowerShell climbed 67 percent in Q4 2017 and surged 432 percent for the year.
  • Cryptocurrency mining is spreading fast.
  • New ransomware grew by 35 percent in Q4, a 59 percent rise year-over-year.
  • New mobile malware declined by 35 percent in Q4.
  • New Mac OS malware samples increased by 24 percent in Q4. Total Mac OS malware increased by 243 percent in 2017.

But there were some Q4 vertical market bright spots sprinkled in amid the downers:

  • Health care incidents slid nearly 80 percent in Q4. For the entire year, episodes spiked 211 percent based on disclosed attacks.
  • Disclosed public sector incidents fell 37 percent in Q4 and 15 percent for the whole year.
  • Education hacks stayed constant in Q4. Overall hacks in the segment rose 125 percent.
  • Financial market attacks slipped 29 percent in Q4 but climbed by 16 percent in 2017.

McAfee said it counted 222 publicly disclosed security incidents in Q4, a 15 percent decrease from the prior quarter. Some 30 percent of all revealed Q4 hacks took place in the Americas, followed by 14 percent in Europe and 11 percent in Asia.

As the world has become more digitized, cyber criminals have followed suit, taking advantage of crime becoming easier to execute, less risky and more profitable, said Steve Grobman, McAfee chief technology officer. For example, as Bitcoin rushed upwards in value, cyber crooks branched out from old reliables such as ransomware to embrace hijacking cryptocurrency.

More to the point, McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining. And fileless malware leveraging Microsoft PowerShell has become a go-to toolbox for cyber crooks. “It should be no surprise to see criminals focusing on stealthy fileless PowerShell attacks, low risk routes to cash through cryptocurrency mining, and attacks on soft targets such as hospitals,” said Grobman.

Effectively combating threats calls for collaboration and extensive threat information sharing to improve defenses, said Raj Samani, McAfee chief scientist. “Collaboration and liberalized information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyberwarfare,” he said.

The McAfee report also drilled down on the particular markets and methods favored by bad actors. With healthcare, the researchers concluded that organizational failure to comply with security best practices or fix known software vulnerabilities contributed to the high number of incidents.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.