Fileless Malware Soars as Healthcare Suffers in Q4

The volume of new cyber-threats found every second doubled between Q3 and Q4 2017, with the number of detected fileless malware samples soaring, according to McAfee.

The security giant’s McAfee Labs Threats Report for the final three months of last year saw the firm detect 478 new threats every minute.

Fileless malware attacks leveraging Microsoft PowerShell increased 432% over the course of 2017 and 267% in Q4 alone, as attackers looked to the utility to execute the first stage of attacks.

PowerShell is increasingly favored by the black hats as it allows them to conduct attacks with minimal use of malware, thus evading traditional cybersecurity filters, according to Panda Labs.

One report from 2016 said that, even back then, it was present in over a third (38%) of attacks.

Elsewhere, McAfee reported that ransomware volumes grew 35% in Q4 to end 2017 with 59% year-on-year growth. 

However, cyber-criminals are increasingly turning their attention to crypto-mining and hijacking Monero and Bitcoin wallets as a way to make more money hassle-free, according to McAfee.

This backs up similar observations from the likes of Cisco, which has reported that hackers are increasingly eschewing ransomware in favor of tactics which offer a higher ROI.

“The fourth quarter was defined by rapid cyber-criminal adoption of newer tools and schemes – fileless malware, crypto-currency mining, and steganography. Even tried-and-true tactics, such as ransomware campaigns, were leveraged beyond their usual means to create smoke and mirrors to distract defenders from actual attacks,” said Raj Samani, McAfee chief scientist.

“Collaboration and liberalized information-sharing to improve attack defenses remain critically important as defenders work to combat escalating asymmetrical cyber-warfare.”

Publicly disclosed security incidents targeting healthcare decreased by 78% in Q4, but the sector experienced a massive 210% overall increase in incidents in 2017, the report continued.

It’s well known that healthcare organizations (HCOs) are an increasingly popular target for hackers, as many are poorly protected, but store valuable patient records or offer an easy win for ransomware-slingers.

UK HCOs accounted for 43% of all incidents reported to the ICO between January 2014 and December 2016, according to Egress.
