Shocking Findings from the McAfee Labs Threat Report: December 2017

California-based endpoint security and anti-malware vendor McAfee today released its McAfee Labs Threat Report: December 2017, examining the growth and trends of malware, ransomware, and other cybersecurity threats in Q3 2017. McAfee releases their quarterly report based on the threat data gathered by their Global Threat Intelligence cloud.

This quarter the report looks grim. McAfee found a 10% increase in malware, with individual samples reaching an all-time high of 57.6 million. That translates to four new samples per second in just this quarter. Mobile malware increased 60%, with Asia having the highest infection rates. By the same token, fileless malware jumped 119%, taking advantage of native processes like Microsoft Office and Powershell. Ransomware grew by 36%, bringing the total number of samples to 12.2 million samples. More than 60% of all publicly disclosed breaches occurred in the Western Hemisphere.

“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.

“Although attackers will always seek ways to use newly developed innovations and established platforms against us, our industry perhaps faces a greater challenge in the effort to influence individuals and organizations away from becoming their own worst enemies.”

Samani’s statement references some common vectors of infection discovered by McAfee. The ransomware Lukitus—an offshoot of Locky—initially attacked via the spread of 23 million spam emails within 24 hours. Fileless malware using a known vulnerability within Microsoft Office (which the company has made efforts to patch) allowing remote codes to execute via specifically crafted files. Moreover, many attackers took advantage of a prepacked tool to utilize this vulnerability. Breaches that exploit native applications like this are signatureless and often don’t require an initial file download and therefore cannot be detected by normal anti-malware software.

Among McAfee’s reports was one that invokes distinct curiosity. They managed to anonymously get in touch with several malicious actors and creators of ransomware and interview them on why they do what they do. The answers were shockingly ordinary. Most of those interviewed thought of hacking as an easy and safe form of employment, with the profits going to travel, cars, houses, or simply paying off debts. Several noted that they were even willing to negotiate their ransom demands if their victims couldn’t pay in full. McAfee was only able to trace one of their interviewees to Senegal, so our cyber-enemies might be even more distant than we imagined.

These communications paint a different image of the hacker than the one most commonly imagined. Hackers are everyday people who see this as a job, and that means that they’re working as tirelessly on developing new tools and exploits as we are on stopping them. Innovations will decide the fate of cybersecurity–and who can achieve them first.

You can find the full reports and findings from McAfee here.