McAfee Labs Reports Record Surges In Health Care Attacks, Fileless Malware, Cryptocurrency Mining

By   ISBuzz Team
Writer , Information Security Buzz | Mar 13, 2018 08:30 am PST

McAfee today launches its quarterly McAfee Labs Threats Report revealing the latest trends in cyber threat growth. Since last quarter, the amount of new cyber threats found every second has doubled, with McAfee Labs detecting 478 new cyber threats every minute or 8 every second.

The report takes a detailed look at the latest tactics employed by criminal groups, reporting a clear diversifying of strategy with a move from traditional money makers such as ransomware, to the practice of hijacking Bitcoin and Monero wallets.

Alongside this, the report reveals the extent to which the healthcare sector is under attack. McAfee Labs found a 211% surge in disclosed security incidents against the healthcare industry, with many incidents caused by organisational failure to comply with security best practices or address known vulnerabilities in medical software.

Additional key findings include:

  • Fileless malware leveraging Microsoft PowerShell grew 267% in Q4 2017
  • New ransomware grew 35%; ending 2017 with 59% growth year over year
  • New mobile malware decreased by 35%; infection rates remain highest in Asia
  • NewMac OS malware samples increased by 24% in Q4; total Mac OS malware grew 243% in 2017

Nigel Hawthorn, Data Privacy Expert at McAfee commented below.

Nigel Hawthorn, Data Privacy Expert at McAfee:

“The 18% rise in security incidents across Europe during Q4 is worrying, but we know not all incidents are reported. This will change when the GDPR comes into force in May, when non-compliance could lead to negative brand impact that could easily be more costly than fines from the regulators. Cited as ‘the most comprehensive privacy regulation globally’, the GDPR will introduce extensive requirements to minimise risk to personal data when it is introduced. Being GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and cloud services. Cyber threats have never been more of a concern and with cyber criminals often targeting personal data, a “privacy first” IT philosophy is a must.

“Our research reveals a 211% surge in disclosed security incidents against the healthcare industry last quarter. Healthcare organisations are a valuable target for cybercriminals who have set aside ethics in favour of profits, as they hold some very valuable personal data. Many incidents were caused by organisational failure to comply with security best practice or address known vulnerabilities in medical software.

“Given the complex requirements of the GDPR and its governance on where data goes, how it is shared and who can access it, businesses need to be prepared to take a holistic approach to GDPR compliance. Businesses must confidently understand GDPR compliance gaps and implement necessary controls to address them across all cloud services – including services like Office 365, Box, Salesforce and Slack, as well as custom applications running in public infrastructure-as-a-service platforms.”