Welcome to the McAfee Labs Threats Report, August 2019. In this edition, we highlight the significant investigative research and trends in threats statistics and observations in the evolving threat landscape gathered by the McAfee® Advanced Threat Research and McAfee® Labs teams in Q1 of 2019. In the first quarter of 2019, ransomware attacks grew by 118%, new ransomware families were detected, and threat actors used innovative techniques. In January, the McAfee Advanced Threat Research team was the first to discover a new ransomware family, Anatova, designed to cipher all files before requesting payment from the victim. Anatova’s architecture is unusual in that it is modular, which could facilitate future development of ransomware.
A hacker using the moniker “Gnosticplayers“ reportedly released data from large companies in Q1, which McAfee researchers have dubbed “the quarter of data dumps.” We also observed a significant amount of HTTP web exploitation traffic and attempts to compromise remote machines. A notable 460% rise in the use of PowerShell as the tool of choice in targeted attacks of compromised servers was also detected. Most ransomware attackers no longer use mass campaigns, but, instead, try to get remote access where remote desktop protocol is the most used entry vector. Even with all the sophisticated attack techniques being developed, attackers are still highly dependent on human interaction and social engineering. Also, in Q1, new cryptojacking families—including malware targeting Apple users—were discovered amidst campaigns designed to steal wallets and credentials, along with a massive cryptomining campaign designed to exploit remote command executive vulnerability in ThinkPHP. Criminals continue to attack Internet of Things (IoT) devices with default username/password combinations that are used in popular IP cameras, DVRs, and routers. McAfee researchers also uncovered two..........
No comments:
Post a Comment