New Malware Detections at Record High: Healthcare Most Targeted Industry

Throughout 2017, the volume of new malware samples detected by McAfee Labs has been steadily rising each quarter, reaching a record high in Q3 when 57.6 million new malware samples were detected. On average, in Q3 a new malware sample was detected every quarter of a second.

In the United States, the healthcare industry continues to be the most targeted vertical, which along with the public sector accounted for more than 40% of total security incidents in Q3. In Q3, account hijacking was the main attack vector, followed by leaks, malware, DDoS, and other targeted attacks.

There were similar findings from the recent HIMSS Analytics/Mimecast survey which showed email related phishing attacks were the greatest cause of concern among healthcare IT professionals, with email the leading attack vector.

In Q3, globally there were 263 publicly disclosed security breaches – a 15% increase from last quarter – with more than 60% of those breaches occurring in the Americas. Malware attacks increased 10% since last quarter bringing the total new malware samples in the past four quarters to 781 million – a 27% increase in the space of a year.

Ransomware continues to be a favored moneymaker for cybercriminals, with the number of new ransomware samples increasing by 36% in Q3 – 14% more than the previous quarter. In total, 12.2 million samples of ransomware were detected – a 44% increase over the past four quarters.  One notable ransomware variant was Lukitus – a new form of Locky ransomware that appeared in Q3. The campaign detected by McAfee involved an astonishing 23 million spam emails in the first 24 hours alone.

While not the biggest threat in Q3, fileless malware threats are still a major cause for concern. Script-based malware – written in VBS, JavaScript, PowerShell or PHP – has been steadily increasing over the past two years. The malware is easy to obfuscate and difficult to detect, and is increasingly being used in malware campaigns, with some campaigns consisting entirely of script-based malware.

McAfee reports that while there was a 36% fall in JavaScript malware since Q2, the level is still higher than at any point in 2016 and Q3 saw a 119% increase in PowerShell malware.

“Although many cyberattacks continue to rely on the exploitation of basic security vulnerabilities, exposures, and user behaviors, fileless threats leverage the utility of our own system capabilities,” said Vincent Weafer, Vice President for McAfee Labs. “By leveraging trusted applications or gaining access to native system operating tools such as PowerShell or JavaScript, attackers have made the development leap forward to take control of computers without downloading any executable files, at least in the initial stages of the attack.”

There was also a notable rise in mobile malware, with 21.1 million samples detected – 10% higher than Q2, the increase was largely due to a major rise in Android screen-locking ransomware variants. Macro malware increased by 8% in Q3, while Mac malware saw an increase of 7%. Web-based threats also increased significantly in Q3.

While malware continues to be a major threat, the Carbon Black’s 2017 Threat Report indicates 52% of attacks are non-malware related. Non-malware attacks are now increasing at a rate of 6.8% per month.

The financial services, healthcare providers, and retail stores were the verticals most affected by malware-related cyberattacks in 2017 according to Carbon Black. The main threats are the Kryptik Trojan, Strictor ransomware, the Nemucod downloader, the Emotet banking Trojan, and the Skeeyah Trojan. Carbon Black reports a 328% increase in attacks on endpoints in 2017 alone.

While the healthcare industry has had its fair share of ransomware attacks, it is well down the list of industries targeted with ransomware, coming in 9th out of 10 industries with just 4.6% of the total. The leading targets being tech firms, government organizations/NPOs and legal firms.

Ransomware will continue to be the dominant form of cybercrime in 2018, according to the report. Carbon Black estimates revenues from ransomware will rise to $5 billion by the end of the year, compared to just $24 million in 2015.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.