McAfee tracks eight new threats every second as cyber criminals embrace innovation
Thanks to a surge in healthcare attacks, cryptocurrency mining and fileless malware, McAfee Labs latest quarterly threat report has seen an average of eight new threat samples per second.
Highlights of the report include the healthcare sector experiencing a 211 percent increase in disclosed security incidents in 2017, and fileless malware leveraging Microsoft PowerShell growing 267 percent in the fourth quarter.
New ransomware grew 35 percent and ended 2017 with 59 percent growth year on year, however towards the end of the year cryptocurrency mining took off as criminals followed the money.
Away from the desktop, new mobile malware decreased by 35 percent, with infection rates remaining highest in South America. Apple systems have become a more attractive target for attack with new Mac OS malware samples increasing by 24 percent in Q4 and total Mac OS malware growing 58 percent in 2017.
"The fourth quarter was defined by rapid cyber criminal adoption of newer tools and schemes -- fileless malware, cryptocurrency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks," says Raj Samani, McAfee fellow and chief scientist. "Collaboration and liberalized information sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyber warfare."
According to McAfee Advanced Threat Research analysts, much of the rise in healthcare attacks is caused by organizational failure to comply with security best practices or address known vulnerabilities in medical software. Analysts found exposed sensitive images and vulnerable software. Combining these attack vectors they were able to reconstruct patient body parts, and print three-dimensional models.
"Healthcare is a valuable target for cyber criminals who have set aside ethics in favor of profits," says Christiaan Beek, McAfee lead scientist and senior principal engineer. "Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware, and more. Both health care organizations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices."
You can find out more about the results in the full report, available from the McAfee website.