Cybercriminals have extended their operations in crypto-jacking and other cryptocurrency mining schemes, where perpetrators hijack victims’ browsers or infect their systems to secretly use them to mine for legitimate cryptocurrencies such as Bitcoin. This category of coin miner malware grew a stunning 629% in the first quarter of 2018, according to the McAfee Labs Threats Report: June 2018, rocketing from around 400,000 total known samples in Q4 2017 to more than 2.9 million the next quarter.
“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) of McAfee. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”
Healthcare, Education, Finance
McAfee Labs counted 313 publicly disclosed security incidents in Q1 2018, a 41% increase over Q4. Incidents involving multiple sectors (37) and those targeting multiple regions (120) were the leading types of incidents in Q1.
- Healthcare – Disclosed incidents in health care rose 47%. Cybercriminals continued to target the sector with the SAMSA ransomware, and there were numerous cases in which hospitals were compelled to pay the criminals.
- Education – Incidents of attacks on the education sector rose 40%, with ransomware being a notable culprit in attacks on schools and related institutions.
- Finance – Disclosed incidents increased by 39% and included continuous attacks on the SWIFT banking system. These attacks were not always region-specific, as was the case in previous years, but McAfee identified activity in Russia, and related reconnaissance efforts in Turkey and South America.
Malware Samples Q1 2018
In Q1 2018, McAfee Labs recorded, on average, five new malware samples per second, including threats showing notable technical developments that improve upon the latest successful technologies and tactics to outmaneuver their targets’ defenses.
- From PowerShell to LNK – While PowerShell attacks slowed from their 2017 surge, cybercriminals saw increases in exploits of other benign technologies. The total count of malware that exploits LNK capabilities surged 59% over the previous quarter.
- From Locky to Gandcrab – Although the growth in new ransomware slowed by 32% in Q1 2018, the Gandcrab strain infected around 50,000 systems in the first three weeks of the quarter, supplanting Locky ransomware variants as the quarter’s ransomware leader. Gandcrab uses new criminal methodologies, such as transacting ransom payments through the Dash cryptocurrency rather than through Bitcoin.
- Malware – The total number of malware samples grew 37% in the past four quarters to more than 734 million samples.
- Mobile malware – Total known malware samples grew 42% in the past four quarters. Global infections of mobile devices fell by 2%; Africa reported the highest rate, at 15%.