Evolution Of Cyber Threats During Pandemic: McAfee

Cybercriminals leverage the COVID-19 pandemic as an entry mechanism into systems across the countries. McAfee Advanced Programs Group releases a daily COVID-19 threat report measuring cybercriminal activity related to COVID-19 pandemic and the evolution of cyber threats in Q1 2020.

McAfee researcher found an average of 375 new cyber threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. New PowerShell malware increased 688% over the quarter, while total malware grew 1,902% over the past four quarters. Exposed incidents targeting the public sector, individuals, education, and manufacturing increased; nearly 47% of all publicly disclosed security incidents occurred in the United States.

Capable Threat Actors Exploit Pandemic

McAfee researchers found it is typical of COVID-19 campaigns to use pandemic-related subjects, including testing, cures, and remote work topics, to lure targets into clicking on malicious links, file download, or view a PDF. To track these campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pmET; more information can be found here: McAfee APG COVID-19 Threat Dashboard.

Data Breaches: The New Ransomware Attack

Over the first quarter of 2020, McAfee Advanced Threat Research (ATR) saw malicious actors focus on sectors where availability and integrity are fundamental, for example, manufacturing, law, and construction firms.

New ransomware declined 12% in Q1; total ransomware increased 32% over the past four quarters.

Q1 2020 Threats Activity

Malware overall: New malware samples slowed by 35%; total malware increased 27% over the past four quarters. New Mac OS malware samples increased by 51%.

Mobile malware: New mobile malware increased by 71%, with total malware growing nearly 12% over the past four quarters.

Regional Targets: Disclosed incidents targeting the Americas increased by 60%, incidents targeting Asia-Pacific increased by 27%, while Europe decreased 7%.

Security incidents: McAfee Labs counted 458 publicly disclosed security incidents, an increase of 41% from Q4. 50% of all publicly disclosed security incidents in North America, followed 9% in Europe. Nearly 47% of all publicly disclosed security incidents took place in the United States.

Vertical industry targets: Disclosed incidents targeting the public sector increased 73% individuals increased 59%, education increased 33%, and manufacturing increased 44%.

Attack vectors: Overall, malware led disclosed attack vectors, followed by account hijacking and targeted attacks.

Cryptomining: New coinmining malware increased by 26%. Total coinmining malware samples increased by nearly 97% over the past four quarters.

Fileless malware: New JavaScript malware declined nearly 38%, while total malware grew nearly 24% over the past four quarters. New PowerShell malware increased by 689%; total malware grew 1,902% over the past four quarters.

IoT: New malware samples increased nearly 58%; total IoT malware grew 82% over the past four quarters.

Conclusion

Cybercriminals taking advantage of the ongoing pandemic crisis to lure targets into malicious hyperlinks, and other phishing campaigns. Most of the companies operating their work from remote work model, cybercriminals continuously targeting remote working employees, education sectors, public sectors, individuals, and manufacturing units. Ransomware attacks evolve into data breaches as cybercriminals steal data prior to encryption. McAfee found that an average of 375 new cyber threats per minute, and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, etc.