McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware

Today we published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics:

  • Earlier this year, WannaCry malware infected more than 300,000 computers in over 150 countries in less than 24 hours. Several weeks later, the malware Petya exploited the same operating system flaw, along with multiple other techniques, to spread to other computers on the same network. Among other lessons, these attacks exposed the continued use of old and unsupported operating systems in critical areas, and they laid bare the lax patch-update processes followed by some businesses. We explore the timeline and background of the WannaCry attack and Petya, its apparent follow-up; the vulnerabilities they exploited; a technical analysis of their infiltration and propagation methods; and our thoughts on the motives for these attacks and what they might lead to.
  • Threat hunting is a growing and evolving capability in cybersecurity, one with a broad definition and wide range of goals, but it is generally seen as a proactive approach to finding attacks and compromised machines without waiting for alerts. Threat hunting enables security operations to study the behaviors of attackers and build more visibility into attack chains. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations today and how they plan to enhance their threat hunting capabilities in the future. We offer detailed advice and recommendations for using certain types of indicators of compromise when hunting for threats.
  • Cyberattackers often use scripting techniques in their assaults. Some attacks employ script-based malware at every stage, while others use it for a specific purpose. Script-based malware—written in the JavaScript, VBS, PHP, or PowerShell scripting languages—has been on the upswing during the last two years for a very simple reason: evasion. Scripts are easy to obfuscate and thus are difficult for security technology to detect. In this Key Topic, we discuss why cybercriminals leverage script-based malware, how script-based malware propagates, the types of malware that use scripts for distribution, ways in which authors obfuscate script-based malware, and how to protect against script-based malware.

Accompanying the first and last Key Topics are Solution Briefs that go into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q2:

  • Malware: New malware samples leaped in Q2 to 52 million, a 67% increase. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
  • Ransomware: New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
  • Mobile malware: Global infections of mobile devices rose by 8%, led by Asia with 18%. Total mobile malware grew 61% in the past four quarters to 18.4 million samples.
  • Incidents: We counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.

Read the McAfee Labs Threats Report: September 2017.
