GEC NEWS WIREMcAfee examined the growth and trends of new malware, ransomware, and other threats in Q3 2017 in its latest Lab Report. McAfee Labs saw malware reach an all-time high of 57.6 million new samples—four new samples per second—featuring developments such as new fileless malware using malicious macros, a new version of Locky ransomware dubbed Lukitus, and new variations of the banking Trojans Trickbot and Emotet. Threats attempting to exploit Microsoft technology vulnerabilities were very prominent despite the fact that the platform vendor addressed these issues with patches as early as the first quarter of 2017.
“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.
The third quarter of 2017 saw cybercriminals continue to take advantage of Microsoft Office vulnerabilities such as CVE-2017-0199, which took advantage of a vulnerability within both Microsoft Office and WordPad to allow remote code execution through specially crafted files. To execute this attack, many took advantage of a tool available via GitHub offering an easy route to creating a backdoor attack without complex configuration.
New variations of the Trickbot banking Trojan featured code that embedded the EternalBlue exploit responsible for the massive WannaCry and NotPetya ransomware outbreaks in Q2. Despite Microsoft’s continued efforts to counter EternalBlue with security patches, the new Trickbot authors still found the proven technique to be effective. They combined it with new features such as cryptocurrency theft and new delivery methods, and made these new Trickbot versions the most active banking Trojans in Q3.
“The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax. Only by investing more in the discovery and remediation of cyber vulnerabilities can technology vendors, governments, and business enterprises hope to gain a step on the cybercriminals working furiously to uncover and take advantage of them,” said Steve Grobman, CTO, McAfee.
“By leveraging trusted applications or gaining access to native system operating tools such as PowerShell or JavaScript, attackers have made the development leap forward to take control of computers without downloading any executable files, at least in the initial stages of the attack,” said Vincent Weafer, VP, McAfee Labs.
