Today we published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics:
- Earlier this year, WannaCry malware infected more than 300,000 computers in over 150 countries in less than 24 hours. Several weeks later, the malware Petya exploited the same operating systems’ flaw along with multiple other techniques to spread to other computers on the same network. These attacks exposed among other lessons the continued use of old and unsupported operating systems in critical areas and they laid bare the lax patch-update processes followed by some businesses. We explore the timeline and background of the WannaCry attack and Petya, its apparent follow-up; the vulnerabilities they exploited; a technical analysis of their infiltration and propagation methods; and our thoughts on the motives for these attacks and what they might lead to.
- Threat hunting is a growing and evolving capability in cybersecurity, one with a broad definition and wide range of goals, but it is generally seen as a proactive approach to finding attacks and compromised machines without waiting for alerts. Threat hunting enables security operations to study the behaviors of attackers and build more visibility into attack chains. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations today and how they plan to enhance their threat hunting capabilities in the future. We offer detailed advice and recommendations for using certain types of indicators of compromise when hunting for threats.
Accompanying the first and last Key Topic are Solution Briefs that goes into detail about how McAfee products can protect against these threats.
Here are some highlights from our extensive analysis of threats activity in Q2:
- Malware: New malware samples leaped in Q2 to 52 million, a 67% increase. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
- Ransomware: New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
- Mobile malware: Global infections of mobile devices rose by 8%, led by Asia with 18%. Total mobile malware grew 61% in the past four quarters to 18.4 million samples.
- Incidents: We counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.