Increase in healthcare attacks, cryptocurrency mining


The spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps. During Q4 2017, information security professionals saw on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell.

“The fourth quarter was defined by rapid cybercriminal adoption of newer tools and schemes like fileless malware, cryptocurrency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, information security training expert at McAfee. “Collaboration and liberalized information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyberwarfare.”
The spike in the value of Bitcoin prompted actors to branch out from moneymakers such as ransomware, to the practice of hijacking Bitcoin and Monero wallets.

Cybercriminals adopted fileless malware leveraging Microsoft PowerShell, a threat category that surged 432% over the course of 2017 and became a go-to toolbox. PowerShell scripts embedded in Microsoft Office files were used to execute the first stage of attacks.
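As an added example (not code from McAfee or the report), this is the detection logic a defender would run over process-creation events to surface the Office-launched PowerShell first stage described above: it flags PowerShell whose parent is an Office binary, records the typical fileless launch flags, and decodes any -EncodedCommand payload so an analyst can read it. The event format and the sample events are constructed for illustration.

```python
import base64
import re

# Office binaries that should rarely, if ever, spawn an interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Launch flags commonly seen in first-stage PowerShell loaders.
SUSPICIOUS_FLAGS = re.compile(
    r"-(?:e|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden|-nop\b|bypass", re.I)

def decode_encoded_command(cmdline):
    """Return the plaintext of an -EncodedCommand payload (UTF-16LE base64), or None."""
    m = re.search(r"-(?:e|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a valid encoded command; leave the raw line for triage

def parse_event(line):
    """Constructed format: 'Key=Value' fields separated by '|' (Sysmon-style names)."""
    return dict(kv.split("=", 1) for kv in line.split("|"))

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_office_spawned_powershell(lines):
    """Return one finding per event where an Office parent launched PowerShell."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        parent = basename(ev.get("ParentImage", ""))
        image = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and image in POWERSHELL:
            cmd = ev.get("CommandLine", "")
            hits.append({
                "parent": parent,
                "flags": sorted({f.lower() for f in SUSPICIOUS_FLAGS.findall(cmd)}),
                "decoded": decode_encoded_command(cmd),
            })
    return hits

# Constructed sample events: one Word-launched loader (encoded payload is just "dir"),
# one benign admin script from Explorer, and an Excel child that is not PowerShell.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|CommandLine=powershell.exe -nop -w hidden -enc ZABpAHIA",
    r"EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=powershell.exe -File C:\scripts\backup.ps1",
    r"EventID=1|Image=C:\Windows\System32\cmd.exe|ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|CommandLine=cmd.exe /c echo hi",
]

if __name__ == "__main__":
    for hit in find_office_spawned_powershell(SAMPLE_EVENTS):
        print(hit)
```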

The health care sector experienced a dramatic 211% overall increase in incidents in 2017. Through their investigations, information security training analysts conclude many incidents were caused by organizational failure to comply with security best practices or address known vulnerabilities in medical software.

“Healthcare is a valuable target for cybercriminals who have set aside ethics in favor of profits,” said Christiaan Beek, information security training expert. “Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware, and more. Both health care organizations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”

Fileless malware: In Q4 JavaScript malware growth continued to slow with new samples decreasing by 9%, while new PowerShell malware more than tripled, growing 267%.

Security incidents: McAfee Labs counted 222 publicly disclosed security incidents in Q4, a decrease of 15% from Q3. 30% of all publicly disclosed security incidents in Q4 took place in the Americas, followed by 14% in Europe and 11% in Asia.

Vertical industry targets: According to information security training analysts, the public, health care, education, and finance sectors, in that order, led vertical-sector security incidents for 2017:

Health care: Disclosed incidents experienced a surge in 2017, rising 211%, while falling 78% in Q4.

Public sector: Disclosed incidents decreased 15% in 2017, down 37% in Q4.

Education: Disclosed incidents rose 125% in 2017, remaining stagnant in Q4.

Finance: Disclosed incidents rose 16% in 2017, falling 29% in Q4.

According to information security training analysts, in Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, DDoS, and code injection.

Ransomware: New ransomware samples grew 59% over the last four quarters, while new ransomware samples grew 35% in Q4. The total number of ransomware samples increased 16% in the last quarter to 14.8 million samples.

Mobile malware: New mobile malware decreased by 35% from Q3. In 2017 total mobile malware experienced a 55% increase, while new samples declined by 3%.

Malware overall: New malware samples increased in Q4 by 32%. The total number of malware samples grew 10% in the past four quarters.

Mac malware: New macOS malware samples increased by 24% in Q4. Total macOS malware grew 243% in 2017.

Macro malware: New macro malware increased by 53% in Q4 but declined by 35% in 2017.

Spam campaigns: 97% of spam botnet traffic in Q4 was driven by Necurs, the recent purveyor of “lonely girl” spam, pump-and-dump stock spam, and Locky ransomware downloaders, and by Gamut, sender of job offer–themed phishing and money mule recruitment emails.