McAfee, the device-to-cloud cybersecurity company, today released its McAfee
Labs Threats Report: December 2018, examining activity in
the cybercriminal underground and the evolution of cyber threats in Q3
2018. McAfee Labs saw an average of 480 new threats per minute and a
sharp increase in malware targeting IoT devices. The ripple effect of
the 2017 takedowns of Hansa and AlphaBay dark web markets continued as
entrepreneurial cybercriminals took new measures to evade law
“Cybercriminals are eager to weaponize vulnerabilities both new and old,
and the number of services now available on underground markets has
dramatically increased their effectiveness,” said Christiaan Beek, lead
scientist at McAfee. “As long as ransoms are paid and relatively easy
attacks, such as phishing campaigns, are successful, bad actors will
continue to use these techniques. Following up-and-coming trends on the
underground markets and hidden forums allows the cybersecurity community
to defend against current attacks and stay a step ahead of those in our
Each quarter, McAfee assesses the state of the cyber threat landscape
based on in-depth research, investigative analysis, and threat data
gathered by the McAfee® Global Threat Intelligence cloud from over a
billion sensors across multiple threat vectors around the world.
Cybercriminal Underground and Hidden Chat Forums Reveal Trends
The third quarter of 2018 saw the Dream, Wall Street, and Olympus
markets clamoring for market share, until the mysterious disappearance
of Olympus. In an effort to evade law enforcement and build trust
directly with customers, some entrepreneurial cybercriminals have
shifted away from using larger markets to sell their goods and have
begun creating their own specialized shops. This shift has sparked a new
line of business for website designers offering to build hidden
marketplaces for aspiring shady business owners.
“Cybercriminals are very opportunistic in nature,” said John Fokker,
head of cybercriminal investigations at McAfee. “The cyberthreats we
face today once began as conversations on hidden forums and grew into
products and services available on underground markets. Additionally,
the strong brands we see emerging offer a lot to cybercriminals: higher
infection rates, and both operational and financial security.”
Hacker forums provide an elusive space for cybercriminals to discuss
cybercrime-related topics with their peers. McAfee researchers witnessed
conversations around the following topics in Q3:
Q3 2018 Threats Activity
Cryptomining and IoT. IoT devices such as cameras or video
recorders have not typically been used for cryptomining because they
lack the CPU power of desktop and laptop computers. However,
cybercriminals have taken notice of the growing volume and lax security
of many IoT devices and have begun to focus on them, harnessing
thousands of devices to create a mining super-computer. New malware
targeting IoT devices grew 72%, with total malware growing 203% in the
last four quarters. New coinmining malware grew nearly 55%, with total
malware growing 4,467% in the last four quarters.
PowerShell malware grew 24%.
Security incidents. McAfee Labs counted 215 publicly
disclosed security incidents, a decrease of 12% from Q2. 44% of all
publicly disclosed security incidents took place in the Americas,
followed by 17% in Europe and 13% in Asia-Pacific.
Vertical industry targets. Disclosed incidents targeting
financial institutions rose 20%, as McAfee researchers observed an
increase in spam campaigns leveraging uncommon file types, an effort to
increase chances of evading basic email protections. McAfee researchers
also observed banking malware include two-factor operations in web
injects to evade two-factor authentication. These tactics follow a broad
effort on the part of financial institutions to increase security in
Disclosed incidents targeting health care remained stagnant, public
sector decreased 2%, and education sector decreased 14%.
Regional Targets. McAfee researchers observed a new malware
family, CamuBot, targeting Brazil in Q3. CamuBot attempts to camouflage
itself as a security module required by the financial institutions it
targets. Although organized cyber gangs in Brazil are very active in
targeting their own population, their campaigns have been crude in the
past. With CamuBot, Brazilian cybercriminals appear to have learned from
their peers, adapting their malware to be more sophisticated and
comparable to that on other continents.
Disclosed incidents targeting the Americas fell 18%, Asia-Pacific fell
22%, and Europe increased 38%.
Attack vectors. Malware led disclosed attack vectors,
followed by account hijacking, leaks, unauthorized access, and
Ransomware. GandCrab, one of the most active families of the
quarter, increased its required ransom payment to US$2,400 from $1,000.
Exploit kits, the delivery vehicles for many cyberattacks, added support
for vulnerabilities and ransomware. New ransomware samples grew 10%, and
total ransomware samples grew 45% over the last four quarters.
Mobile malware. New mobile malware decreased by 24%. Despite
the downward trend, some unusual mobile threats appeared, including a
fake Fortnite “cheat” app and a fake dating app. Targeting members of
the Israel Defense Forces, the latter app allowed access to device
location, contact list, and camera and had the ability to listen to
Malware overall. New malware samples increased by 53%. The
total number of malware samples grew 34% in the past four quarters.
Mac malware. New Mac OS malware samples
increased by 9%. Total Mac OS malware grew 51% over the last four
Macro malware. New macro malware increased by 32%, growing
24% over the last four quarters.
Spam campaigns. 53% of spam botnet traffic in Q3 was driven
by Gamut, the top spam-producing botnet spewing “sextortion” scams,
which demand payment and threaten to reveal victim browsing habits.
McAfee is the device-to-cloud cybersecurity company. Inspired by the
power of working together, McAfee creates business and consumer
solutions that make our world a safer place. www.mcafee.com
About McAfee Labs and Advanced Threat Research
McAfee Labs and McAfee Advanced Threat Research are a leading source for
threat research, threat intelligence, and cybersecurity thought
leadership. With data from over a billion sensors across key threat
vectors—file, web, message, and network—McAfee Labs and McAfee Advanced
Threat Research deliver real-time threat intelligence, critical
analysis, and expert thinking to improve protection and reduce risks.
McAfee® and the McAfee logo are trademarks of McAfee, LLC or its
subsidiaries in the United States and other countries. Other marks and
brands may be claimed as the property of others.
View source version on businesswire.com: https://www.businesswire.com/news/home/20181218005639/en/