McAfee, the device-to-cloud cybersecurity company, today released its McAfee Labs Threats Report: August 2019, examining cybercriminal activity and the evolution of cyber threats in Q1 2019. McAfee Labs saw an average of 504 new threats per minute in Q1 and a resurgence of ransomware along with changes in campaign execution and code. More than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter. Sixty-eight percent of targeted attacks utilized spearphishing for initial access, and 77% relied upon user actions for campaign execution.
“The impact of these threats is very real,” said Raj Samani, McAfee fellow and chief scientist. “It’s important to recognize that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyberattack, there is a human cost.”
Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.
- New ransomware grows 118%; cybercriminals adopt new tactics and code innovations
- More than 2 billion stolen account credentials available on the cybercriminal underground
- Targeted attacks utilize spearphishing for initial access, user interaction for attack execution
- New coin mining malware increases 29%; CookieMiner malware targets Apple users
- New PowerShell malware increases 460%; developers experiment with new techniques
- Disclosed incidents targeting the Asia-Pacific region increase 126%
McAfee Advanced Threat Research (ATR) observed innovations in ransomware campaigns, with shifts in initial access vectors, campaign management and technical innovations in the code.
While spearphishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP). Credentials for these access points can be cracked through a brute-force attack or bought on the cybercriminal underground. RDP credentials can be used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.