Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/23/2020
09:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee Report Finds Increase in Cyberthreats Amid COVID-19

McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic.

SANTA CLARA, Calif.--(BUSINESS WIRE)--McAfee, the device-to-cloud cybersecurity company, today released its McAfee COVID-19 Threat Report: July 2020 examining cybercriminal activity related to COVID-19 and the evolution of cyber threats in Q1 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. New PowerShell malware increased 688% over the course of the quarter while total malware grew 1,902% over the past four quarters. Disclosed incidents targeting the public sector, individuals, education and manufacturing increased; nearly 47% of all publicly disclosed security incidents took place in the United States.

“Thus far, the dominant themes of the 2020 threat landscape have been cybercriminal’s quick adaptation to exploit the pandemic and the considerable impact cyberattacks have had,” said Raj Samani, McAfee fellow and chief scientist. “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee® Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.

CAPABLE THREAT ACTORS EXPLOIT PANDEMIC

McAfee researchers found it is typical of COVID-19 campaigns to use pandemic-related subjects including testing, treatments, cures, and remote work topics to lure targets into clicking on a malicious link, download a file, or view a PDF. To track these campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pmET; more information can be found here: McAfee APG COVID-19 Threat Dashboard.

“Cybersecurity cannot be solved by cookie cutter approaches, each organization is unique and has specific intelligence requirements and objectives,” said Patrick Flynn, head of McAfee APG. “The McAfee COVID-19 Threat Dashboard utilizes data to create true analyzed intelligence, which allows users to understand the total threat environment, informing them of potential threats before they are weaponized."

DATA BREACHES: THE NEW RANSOMWARE ATTACK

Over the course of the first quarter of 2020, McAfee Advanced Threat Research (ATR) observed malicious actors focus on sectors where availability and integrity are fundamental, for example manufacturing, law and construction firms.

“No longer can we call these attacks just ransomware incidents. When actors have access to the network and steal the data prior to encrypting it, threatening to leak if you don’t pay, that is a data breach,” said Christiaan Beek, senior principal engineer and lead scientist. “Using either weakly protected Remote Desktop Protocol or stolen credentials from the underground, we have observed malicious actors moving at lightspeed to learn the network of their victims and effectively steal and then encrypt their data.”

New ransomware declined 12% in Q1; total ransomware increased 32% over the past four quarters.

Q1 2020 THREATS ACTIVITY

Malware overall. New malware samples slowed by 35%; total malware increased 27% over the past four quarters. New Mac OS malware samples increased by 51%.

Mobile malware. New mobile malware increased by 71%, with total malware growing nearly 12% over the past four quarters.

Regional Targets. Disclosed incidents targeting the Americas increased 60%, incidents targeting Asia-Pacific increased 27%, while Europe decreased 7%.

Security incidents. McAfee Labs counted 458 publicly disclosed security incidents, an increase of 41% from Q4. 50% of all publicly disclosed security incidents took place in North America, followed 9% in Europe. Nearly 47% of all publicly disclosed security incidents took place in the United States.

Vertical industry targets. Disclosed incidents targeting the public sector increased 73% individuals increased 59%, education increased 33%, and manufacturing increased 44%.

Attack vectors. Overall, malware led disclosed attack vectors, followed by account hijacking and targeted attacks.

Cryptomining. New coinmining malware increased 26%. Total coinmining malware samples increased nearly 97% over the past four quarters.

Fileless malware. New JavaScript malware declined nearly 38%, while total malware grew nearly 24% over the past four quarters. New PowerShell malware increased 689%; total malware grew 1,902% over the past four quarters.

IoT. New malware samples increased nearly 58%; total IoT malware grew 82% over the past four quarters.

Resources:

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com

About McAfee Labs and Advanced Threat Research

McAfee Labs and McAfee Advanced Threat Research are a leading source for threat research, threat intelligence, and cybersecurity thought leadership. With data from over a billion sensors across key threats vectors—file, web, message, and network— McAfee Labs and McAfee Advanced Threat Research deliver real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
CVE-2020-7373
PUBLISHED: 2020-10-30
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is ...