Main findings:
- McAfee sees attackers shift from large-scale dissemination activities to fewer, more profitable targets
- Due to the growth of 64-bit CoinMiner applications, cryptocurrency mining malware increased by 117%
- New Mirai malware variants fuel the increase in IoT and Linux threats
- Overall, newly detected malware threats averaged 688 per minute
McAfee, a device-to-cloud network security company, today released the “McAfee Threat Report: June 2021”, which investigated the cybercrime activities related to malware and the evolution of cyber threats in the first quarter of 2021.
This quarter, cyber attackers shifted from low-return, large-scale ransomware activities to fewer, customized Ransomware as a service (RaaS) Activities aimed at larger, more profitable organizations. The proliferation of 64-bit CoinMiner applications has driven a 117% increase in coin mining malware that generates cryptocurrency.In addition, the proliferation of new Mirai-based malware variants has driven Malware targeting the Internet of Things (55%) and Linux (38%) systems.
“Criminals will always develop their technology to combine any tools so that they can maximize the monetary gains with the least complexity and risk,” McAfee researcher and chief scientist Raj Samani said. “For the first time we saw them using ransomware to withdraw small sums of money from millions of individual victims. Today, we see ransomware as a service supporting many participants in these illegal schemes, who are holding organizations hostage and acting Criminals extort huge sums of money.”
Every quarter, McAfee assesses the status of cyber threats based on in-depth research, investigation and analysis, and threat data collected by the McAfee Global Threat Intelligence cloud from more than 1 billion sensors in multiple threat vectors around the world.
Ransomware
Ransomware fell by 50% in the first quarter, partly because attackers moved from a broad campaign that used the same sample to attack many targets to a campaign that used unique samples to attack fewer, larger targets. The use of one type of ransomware to infect and extort payments from many victims is notoriously “noisy” because, over time, hundreds of thousands of systems will begin to identify and stop these attacks. By allowing attackers to launch unique attacks, the RaaS affiliate network allows attackers to minimize the risk of being detected by the network defenses of large organizations, and then paralyze and ransom them for large ransomware payments. This shift is reflected in the reduction of the main types of ransomware families from 19 in January 2021 to 9 in March 2021.
Although high-profile attacks from the DarkSide RaaS organization were exposed in the second quarter of 2021, REvil was detected the most in the first quarter, followed by RansomeXX, Ryuk, NetWalker, Thanos, MountLocker, WastedLocker, Conti, Maze, and Babuk strains.
Coin Miner malware
Although well-known ransomware attacks have focused on how criminals use ransomware to monetize their crimes through cryptocurrency payments, the surge in the spread of coin mining malware that generates cryptocurrency by 117% in the first quarter can be attributed to 64 The rapid growth of CoinMiner applications.
The Coin Miner malware does not lock the victim’s system and hold it hostage until a cryptocurrency payment is made. Instead, it infects the infected system and uses the computing power of these systems to silently help criminals who design and initiate such activities. Producing cryptocurrency locally. The advantage of cybercriminals is that both the offender and the victim need zero interaction. Although the victim’s computer may run slower than usual due to the workload of the coin miners, the victim may never realize that their system is creating monetary value for criminals.
“The conclusion of the trend of ransomware and coin miners should not be that we need to restrict or even ban the use of cryptocurrencies,” Samani continued. “If we learn anything from the history of cybercrime, then criminals will counter the defenders’ efforts by simply improving their tools and techniques, avoiding government restrictions, and staying ahead of the defenders. If you try to limit cryptocurrency, you’ll commit crimes. They will develop new ways to monetize their crimes, and they only need to be a few steps ahead of the government to continue to profit.”
Threats and victims
Overall malware threatIn the first quarter of 2021, the number of new malware threats averaged 688 threats per minute, an increase of 40 threats per minute compared to the fourth quarter of 2020.
IoT and Linux devicesIn the first quarter, various new Mirai malware variants drove the growth of the Internet of Things (IoT) and Linux malware categories. The Moobot family (a Mirai variant) has been observed to spread on a large scale and lead to multiple Mirai variants.These variants all use Vulnerabilities in IoT devices Like DVR, webcam and internet router. Once exploited, the malware will hide in the system, download the later stage of the malware and connect with the command and control server (C2). When infected IoT devices connect to its botnet, they may be requisitioned to participate in DDoS attacks.
industry sectorMcAfee tracked a 54% increase in publicly reported cyber incidents targeting the technology industry in the first quarter of 2021. The education and finance/insurance industries followed closely, with an increase of 46% and 41%, respectively, while the wholesale/retail and public sector reported incidents decreased by 76% and 39%, respectively.
areaThese incidents surged 54% in Asia, 43% in Europe, but dropped by 13% in North America. Although the incidents reported in the United States actually fell by 14%, these incidents increased by 84% in France and 19% in the United Kingdom.
resource:
