Usual Threats, But More Sophisticated and Faster: Report

Almost Every Type of Cyber Attack is Increasing in Both Volume and Sophistication

Eight new malware samples were recorded every second during the final three months of 2017. The use of fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware.

These were the primary threats outlined in the latest McAfee Labs Threat Report (PDF), covering Q4 2017.

The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users’ CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection.

Since December, Bitcoin’s value has fallen to $9,000 (at the time of publishing). Criminals’ focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. “We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure,” comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team.

The speed with which criminals adapt to the latest market conditions is also seen in the way they maximize their asymmetric advantage. “Adversaries,” writes Samani, “have the luxury of access to research done by the technical community, and can download and use open-source tools to support their campaigns, while the defenders’ level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun.”

Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few weeks earlier. The hackers used it in a phishing campaign that cited the New York City terror attacks. A second example comes from the December Gold Dragon attacks on organizations involved with the Winter Olympics. In this case the attackers employed steganography, “and a new tool released days before the attack.”

The speed of changing tactics and adopting new techniques is in sharp contrast to the delays inherent in defending against new vulnerabilities — with the two-month-plus failure of Equifax to patch all of its systems with the Apache Struts patch being a prime example.

Healthcare organizations remained a significant target throughout 2017, with a 210% increase in publicly disclosed incidents, year on year — although figures declined 78% in Q4. McAfee’s research conclusion is that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.

Botnets are a continuing problem. However, in Q4 2017, just two botnets, Necurs and Gamut, accounted for 97% of all spam botnet traffic. Gamut was responsible for delivering job offer-themed phishing (and possible money mule recruitment), in English, German, and Italian; while Necurs delivered ‘lonely girl’ spam, pump and dump stock spam, and Locky ransomware downloaders.

New ransomware detections grew consistently throughout 2017, culminating in more than 2,000,000 detections in Q4 (compared to fewer than 500,000 in Q4 2016). “A big contributor to ransomware growth was Ransom:Win32/Genasom (also known as Stampado, with variants such as ‘Philadelphia’). This family provides an inexpensive entree for cyber criminals, being offered for sale for as low as $39 for a lifetime license.”

Ransomware didn’t merely increase in volume (59% year on year, and 35% in Q4 alone), it also diversified beyond just extorting money. “Actors devised strategies to create ‘smoke and mirrors’ by distracting defenders from actual attacks,” writes Samani, “such as the emergence of pseudoransomware, seen in NotPetya and a Taiwan bank heist.”

The big takeaway from the latest McAfee Labs Threat Report is that the cybersecurity threat landscape is continuing to worsen. Just about every type of attack is increasing in both volume and sophistication. The increasing use of PowerShell and JavaScript to avoid malicious file detection is just one example. In Q1 2016 there were around 2,000 detections. By Q4 2017, this had grown to just under 48,000 — boosted “by a rash of downloaders in Q4”.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
