Tuesday, August 27, 2019

McAfee: Ransomware attacks on the rise

There has been a significant resurgence in ransomware attacks, according to McAfee Labs Threats Report: August 2019, which tracks cybercriminal activity and the evolution of cyber threats in Q1 2019.

While spearphishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP); these credentials can be cracked through a brute-force attack or bought on the cybercriminal underground. RDP credentials can be used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.

McAfee researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns versus the traditional approach of setting up command-and-control (C2) servers. Authorities and private partners often hunt for C2 servers to obtain decryption keys and create evasion tools. Thus, the use of email services is perceived by threat actors to be a more anonymous method of conducting criminal business.

The most active ransomware families of the quarter appeared to be Dharma (also known as Crysis), GandCrab and Ryuk. Other notable ransomware families of the quarter include Anatova, which was exposed by McAfee Advanced Threat Research before it had the opportunity to spread broadly, and Scarab, a persistent and prevalent ransomware family with regularly discovered new variants. Overall, new ransomware samples increased 118%.

Some highlights:

  • New ransomware grows 118%; cybercriminals adopt new tactics and code innovations
  • More than 2 billion stolen account credentials available on the cybercriminal underground
  • Targeted attacks utilize spearphishing for initial access, user interaction for attack execution
  • New coin mining malware increases 29%; CookieMiner malware targets Apple users
  • New PowerShell malware increases 460%; developers experiment with new techniques
  • Disclosed incidents targeting the Asia-Pacific region increase 126%

https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf