Key Findings
· Cybercriminals leverage pandemic as entry mechanism into systems across the globe
· McAfee Advanced Programs Group releases daily COVID-19 threat dashboard
· Ransomware attacks evolve into data breaches as cybercriminals steal data prior to encryption
· New PowerShell malware increases 689% while total malware grows 1,902% over four quarters
· Disclosed incidents targeting public sector increase 73%, individuals +59%, education +33%
· Nearly 47% of all publicly disclosed security incidents take place in the United States
McAfee, the device-to-cloud cybersecurity company, today released its McAfee COVID-19 Threat Report: July 2020, examining
cybercriminal activity related to COVID-19 and the evolution of cyber threats
in Q1 2020. McAfee Labs saw an average of 375 new threats per minute and a
surge of cybercriminals exploiting the pandemic through COVID-19 themed
malicious apps, phishing campaigns, malware, and more. New PowerShell malware increased 688% over the course of the quarter
while total malware grew 1,902% over the past four quarters. Disclosed
incidents targeting the public sector, individuals, education and manufacturing
increased; nearly 47% of all publicly disclosed security incidents took place
in the United States.
“Thus far, the dominant themes of the 2020 threat landscape have been
cybercriminal’s quick adaptation to exploit the pandemic and the considerable
impact cyberattacks have had,” said Raj Samani, McAfee fellow and chief
scientist. “What began as a trickle of phishing campaigns and the occasional
malicious app quickly turned into a deluge of malicious URLs and capable threat
actors leveraging the world’s thirst for more information on COVID-19 as an
entry mechanism into systems across the globe.”
Each quarter, McAfee assesses the state of the cyber threat landscape
based on in-depth research, investigative analysis, and threat data gathered by
the McAfee Global Threat Intelligence cloud from over a billion
sensors across multiple threat vectors around the world.
CAPABLE THREAT ACTORS EXPLOIT PANDEMIC
McAfee researchers found that COVID-19 campaigns typically use
pandemic-related subjects, including testing, treatments, cures, and remote work
topics, to lure targets into clicking on a malicious link, downloading a file, or
viewing a PDF. To track these campaigns, McAfee
Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging
the pandemic, most targeted verticals and countries, and most utilized threat
types and volume over time. The dashboard is updated daily at 4 p.m. ET; more
information can be found here: McAfee
APG COVID-19 Threat Dashboard.
“Cybersecurity cannot be solved by cookie cutter approaches, each
organization is unique and has specific intelligence requirements and
objectives,” said Patrick Flynn, head of McAfee APG. “The McAfee COVID-19
Threat Dashboard utilizes data to create true analyzed intelligence, which
allows users to understand the total threat environment, informing them of
potential threats before they are weaponized.”
DATA BREACHES: THE NEW RANSOMWARE ATTACK
Over the course of the first quarter of 2020, McAfee Advanced Threat
Research (ATR) observed malicious actors focus on sectors where availability
and integrity are fundamental, for example manufacturing, law and construction
firms.
“No longer can we call these attacks just ransomware incidents. When
actors have access to the network and steal the data prior to encrypting it,
threatening to leak if you don’t pay, that is a data breach,” said Christiaan
Beek, senior principal engineer and lead scientist. “Using either weakly
protected Remote Desktop Protocol or stolen credentials from the underground,
we have observed malicious actors moving at light-speed to learn the network of
their victims and effectively steal and then encrypt their data.”
New ransomware declined 12% in Q1; total ransomware increased 32% over
the past four quarters.
Q1 2020 THREATS ACTIVITY
Malware overall. New malware samples slowed by 35%; total
malware increased 27% over the past four quarters. New Mac OS malware samples
increased by 51%.
Mobile malware. New mobile malware increased by 71%, with
total malware growing nearly 12% over the past four quarters.
Regional Targets. Disclosed incidents targeting the Americas increased 60%, incidents targeting
Asia-Pacific increased 27%, while Europe
decreased 7%.
Security incidents. McAfee Labs counted 458 publicly
disclosed security incidents, an increase of 41% from Q4. 50% of all publicly
disclosed security incidents took place in North America, followed by 9% in Europe. Nearly 47% of all publicly disclosed security
incidents took place in the United States.
Vertical industry targets. Disclosed incidents
targeting the public sector increased 73%, individuals increased 59%, education
increased 33%, and manufacturing increased 44%.
Attack vectors. Overall, malware led
disclosed attack vectors, followed by account hijacking and targeted attacks.
Cryptomining. New coinmining malware increased 26%.
Total coinmining malware samples increased nearly 97% over the past four
quarters.
Fileless malware. New JavaScript malware declined nearly
38%, while total malware grew nearly 24% over the past four quarters. New
PowerShell malware increased 689%; total malware grew 1,902% over the past four
quarters.
IoT. New malware samples increased nearly 58%; total IoT
malware grew 82% over the past four quarters.