Malware and ransomware were top concerns for entities in 2017 Q3, with public and healthcare data security attacks accounting for more than 40 percent of total incidents in that time frame, according to a recent McAfee Labs report.
There were 57.6 million new samples of malware, an increase of 10 percent, the McAfee Labs Threat Report: December 2017 found. Furthermore, new ransomware samples increased 36 percent. The number of total ransomware samples also grew 44 percent in the past four quarters, totaling 12.3 million samples.
“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” McAfee Chief Scientist Raj Samani said in a statement.
“Although attackers will always seek ways to use newly developed innovations and established platforms against us, our industry perhaps faces a greater challenge in the effort to influence individuals and organizations away from becoming their own worst enemies.”
North America healthcare attacks also led vertical sectors in Q3 security incidents, the report showed.
Overall, account hijacking, leaks, malware, DDoS, and targeted attacks were the most common types of attack vectors. The research also found that there were 263 publicly disclosed security incidents in Q3, a decrease of 15 percent from Q2.
McAfee researchers also found that mobile malware increased in Q3 and reached 21.1 million samples. There was a 60 percent increase from Q2, with a growth in Android screen-locking ransomware cited as a main cause.
Exploitation of known vulnerabilities was a key contributor to attacks in Q3, McAfee researchers explained. This included “Microsoft Office vulnerabilities such as CVE-2017-0199, which took advantage of a vulnerability within both Microsoft Office and WordPad to allow remote code execution through specially crafted files.”
McAfee also noted how the EternalBlue exploit was responsible for the WannaCry ransomware and NotPetya ransomware attacks earlier in 2017. EternalBlue exploited Microsoft’s Server Message Block protocol.
This was a key issue for healthcare, as covered entities may still utilize Windows XP and Windows Server 2003, which are no longer supported and updated by Microsoft.
The McAfee report added that PowerShell malware grew by 119 percent, helping to fuel the number of fileless threats.
Fileless attacks were also determined to be rising in the healthcare industry, according to a November 2017 study from Ponemon that was sponsored by Barkly.
Approximately one-third of surveyed IT and security leaders said the attacks they faced in 2017 were fileless attacks. This was an increase from the reported 20 percent in 2016. Furthermore, of the 54 percent of respondents who experienced a successful attack, 77 percent said the attack utilized an exploit or fileless techniques.
“Once an endpoint has been compromised, these attacks can also abuse legitimate system administration tools and processes to gain persistence, elevate privileges, and spread laterally across the network,” Ponemon report authors explained.
Similar to the McAfee report, Ponemon also determined that ransomware attacks were a large threat. More than half of those surveyed said they experienced one or more ransomware attacks in 2017. Of those respondents, 40 percent said they experienced multiple ransomware attacks.
“This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations,” Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. “The cost of endpoint attacks in the companies represented in this study could be as much as $5 million, making an enterprise-wide endpoint security strategy more important than ever.”