TRENDING
Capable threat actors
exploit pandemic
McAfee researchers found it is typical of
COVID-19 campaigns to use pandemic-related
subjects including testing,
treatments, cures and remote work topics to
lure targets into clicking on a malicious link,
downloading a file, or viewing a PDF.
To track these campaigns, McAfee
Advanced Programs Group (APG) has
published a COVID-19 Threat Dashboard,
which includes top threats leveraging the
pandemic, most targeted verticals and
countries and most utilised threat types
and volume over time. The dashboard is
updated daily at 4pm ET.
“Cybersecurity cannot be solved by
cookie-cutter approaches. Each organisation
is unique and has specific intelligence
requirements and objectives,” said
Patrick Flynn, Head of McAfee APG. “The
McAfee COVID-19 Threat Dashboard
utilises data to create true analysed
intelligence, which allows users to
understand the total threat environment,
informing them of potential threats before
they are weaponised.”
Data breaches: The new
ransomware attack
Over the course of the first quarter of
2020, McAfee Advanced Threat Research
(ATR) observed malicious actors focus on
sectors where availability and integrity are
fundamental, for example manufacturing,
law and construction firms.
“No longer can we call these attacks just
ransomware incidents. When actors have
access to the network and steal the data
prior to encrypting it, threatening to leak if
you don’t pay, that is a data breach,” said
Christiaan Beek, Senior Principal Engineer
and Lead Scientist. “Using either weakly
protected Remote Desktop Protocol or
stolen credentials from the underground,
we have observed malicious actors moving
at light speed to learn the network of their
victims and effectively steal and then
encrypt their data.”
New ransomware declined 12% in Q1; total
ransomware increased 32% over the past
four quarters.
Raj Samani, McAfee Fellow and
Chief Scientist
Q1 2020 threat activity
• Malware overall. New malware samples
slowed by 35%; total malware increased
27% over the past four quarters. New Mac
OS malware samples increased by 51%.
• Mobile malware. New mobile malware
increased by 71%, with total malware
growing nearly 12% over the past
four quarters.
• Regional Targets. Disclosed incidents
targeting the Americas increased 60%,
incidents targeting Asia-Pacific increased
27%, while Europe decreased 7%.
• Security incidents. McAfee Labs
counted 458 publicly disclosed security
incidents, an increase of 41% from Q4.
A total of 50% of all publicly disclosed
security incidents took place in North
America, followed by 9% in Europe. Nearly
47% of all publicly disclosed security
incidents took place in the US.
• Vertical industry targets. Disclosed
incidents targeting the public sector
increased 73%, individuals increased
59%, education increased 33%, and
manufacturing increased 44%.
• Attack vectors. Overall, malware led
disclosed attack vectors, followed by
account hijacking and targeted attacks.
• Cryptomining. New coinmining
malware increased 26%. Total
coinmining malware samples increased
nearly 97% over the past four quarters.
• Fileless malware. New JavaScript
malware declined nearly 38%, while total
malware grew nearly 24% over the past
four quarters. New PowerShell malware
increased 689%; total malware grew
1,902% over the past four quarters.
• IoT. New malware samples increased
nearly 58%; total IoT malware grew
82% over the past four quarters.
We spoke to Raj Samani, McAfee Fellow and
Chief Scientist, to gather his thoughts on
the findings.
Were you surprised by the threat
activity figures from Q1 2020?
The slow pick up was perhaps a little
surprising, but really, from about mid-
March, I don’t think the volume was that
unexpected. Perhaps more surprising was
the geographies that were targeted – for
some time, the most targeted country for
malicious files, using COVID as a lure, was
Spain and that was unexpected.
Was there anything that could
have been done differently
to avoid victims’ data being stolen?
Well, all of the metrics we presented were
stopped. In fact, on malicious files alone, we
“The use of COVID as a lure is already fragmenting. We are now seeing attackers take advantage of some of the indirect consequences of the pandemic.”
26 INTELLIGENTCIO www.intelligentcio.com