Cyber views

by Mark Rowe

In the third quarter of 2017, the IT firm McAfee Labs saw malware reach an all-time high of 57.6 million new samples, or four new samples per second. The firm’s latest McAfee Labs Threat Report features developments such as new fileless malware using malicious macros, a new version of Locky ransomware dubbed Lukitus, and new variations of the banking Trojans Trickbot and Emotet. Threats attempting to exploit Microsoft vulnerabilities were very prominent despite the fact that the platform vendor addressed these issues with patches as early as the first quarter of 2017, according to the IT security company.

Raj Samani, McAfee’s Chief Scientist, pictured, said: “The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organisations to patch known vulnerabilities with available security updates. Although attackers will always seek ways to use newly developed innovations and established platforms against us, our industry perhaps faces a greater challenge in the effort to influence individuals and organisations away from becoming their own worst enemies.”

Each quarter, the IT firm assesses the cyber threat landscape based on threat data gathered by its ‘Global Threat Intelligence cloud’ from hundreds of millions of sensors across multiple threat vectors.

The third quarter of 2017 saw cybercriminals continue to exploit Microsoft Office vulnerabilities such as CVE-2017-0199, a flaw in Microsoft Office and WordPad that allows remote code execution through specially crafted files. To execute this attack, many used a tool available via GitHub that offers an easy route to creating a backdoor attack without complex configuration.

New variations of the Trickbot banking Trojan featured code that embedded the EternalBlue exploit responsible for the massive WannaCry and NotPetya ransomware outbreaks in Q2. Despite Microsoft’s continued efforts to counter EternalBlue with security patches, the new Trickbot authors still found the proven technique to be effective. They combined it with new features such as cryptocurrency theft and new delivery methods, and made these new Trickbot versions the most active banking Trojans in Q3.

Steve Grobman, Chief Technology Officer at McAfee, said: “Once vulnerabilities are discovered and disclosed ‘into the wild,’ or the hacker community, they present a blueprint for malicious parties seeking to develop sophisticated threats that exploit them. The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax. Only by investing more in the discovery and remediation of cyber vulnerabilities can technology vendors, governments, and business enterprises hope to gain a step on the cybercriminals working furiously to uncover and take advantage of them.”

Comment

Rob Bolton, Director of Western Europe at Infoblox, said that 2017 has been a year in which the UK has really woken up to the dangers of cybercrime. “With ransomware attacks such as WannaCry and NotPetya causing global disruption, the government and businesses alike are placing an increased focus on ensuring the correct defensive measures are in place. However, as we move into 2018, the reality is that cyber threats to businesses are only going to continue to increase. As new technologies continue to evolve, such as the Internet of Things, so does the increased attack surface. Cybercriminals continue to focus on causing as much disruption as possible; it is likely that we will start seeing regular attacks on specific verticals, with the IoT in industrial centres, transport centres and public services increasingly becoming subject to targeted attacks.

“With this in mind, 2018 needs to be the year that organisations move from defensive strategies to offensive; from detection to prevention. Technologies like machine learning can help identify potential risks and threats, and make it easier for organisations to spot any unusual activity on their networks as soon as it appears. Approaches like this can help ensure that organisations become as agile and as fast as the cybercriminals we are fighting against.”
