This blog was written by Bruce Snell.
The latest edition of the Quarterly Threats Report (QTR) was released this week by McAfee Labs. If you’re not familiar with them, McAfee Labs is our research organization tasked with researching all the latest threats that people are seeing out there in the wild as well as looking at trends that help indicate what the bad guys are going to target next. The QTR is written to address questions faced by large organizations, but there is also a lot of great data in there for everyone else. I’ve gone through our data to find the key things that everyone should be aware of, even if you aren’t in computer security.
Because that’s where the money is…
One of the major topics of the QTR was looking at the who, why and what around data theft. Who are the big targets? What is the motivation for the breach? It shouldn’t be surprising to discover that 89% of data breaches involve either financial gain or espionage. Crooks and spies! It may seem obvious, but it’s a number that has been steadily increasing over the past few years. Historically data breaches have been motivated by curiosity, hacktivism, revenge, you name it. Now we’re definitely seeing money being the primary motive behind these attacks.
What’s very interesting is that now 53% of the breaches are discovered by someone other than the hacked company. This means your bank/credit card/insurance provider could have been hacked and not know it, leaving the cybercriminals with free access to your valuable data without you knowing about it. These companies are also under almost constant attack.
Looking at our data, we found that retail and financial services companies are seeing an average of 20% more attacks than similarly sized organizations in government, healthcare and manufacturing. Why? This ties back to the motivation. The amount of personal and financial data kept by these sorts of businesses makes them tempting targets for cybercriminals.
Ransomware in the ER
Ransomware is my #1 most hated malware. It started out attacking individuals, then moved to small and medium-sized businesses, and has now been making a move towards attacking healthcare. Why healthcare? By locking people out of the infected systems, it directly impacts healthcare’s need to have no disruption of a patient’s care. Unfortunately, a lot of medical equipment runs on old operating systems that can’t be updated with the latest security patches, making them much easier to infect. Combine these two factors with any organization’s desire to stay out of the news and you now have a situation that pushes healthcare providers to quickly pay the ransom to get back on their feet as fast as possible. During the first quarter of this year, a group of targeted attacks on hospitals generated about $100,000 in ransom payments.
The last three months have seen the highest amount of new malware targeting smartphones and tablets (mobile malware), and the second highest amount of “traditional” malware. Over the past year, the number of mobile malware samples grew 151%! Cybercriminals are definitely paying closer attention to your smartphone. We did see less malware targeting Macs than the last quarter, but the total amount of Mac malware is still more than 500% larger than it was a year ago. Still think Macs don’t get viruses? As you would expect, ransomware continues to grow at an accelerated pace with a 128% growth over this time last year.
One interesting standout was a dramatic uptick in macro viruses. Macro viruses were all the rage in the 1990s (the Melissa virus was a prime example), but Microsoft took a lot of steps to prevent these from working and malware writers moved on. However, they saw a bit of a resurgence in the last quarter due to use in a number of spam campaigns. As a result, there was a 200% increase in macro viruses in the 2nd quarter alone.
So what can we do?
Credit monitoring – Given the increase in attacks against financial and healthcare institutions, using a credit monitoring service will go a long way in making sure your personal information isn’t used for identity theft. There are many great options to choose from. There are free services that will alert you when a change is made to your credit report as well as paid services that will go the extra step to proactively reach out to you if something suspicious happens. Many banks and credit card companies also offer free credit monitoring, so check with your provider.
Back up – If you get infected with ransomware, you typically have the option to either pay the ransom or restore your files from a backup. In some cases, there are fixes for specific ransomware families. You can check out No More Ransom to see if there’s a fix for the particular ransomware you’ve been infected with, but if not, restoring your files from backup is the best way to go. Many forms of ransomware will infect files on connected devices, so I recommend you do a scheduled backup to a portable hard drive and then disconnect it when not backing up. You can also use one of many available options for online backup. Do a bit of research and find out what works for your price range, but I recommend staying with a well-established company you are sure will be around for a while.
Update – One of the best ways to prevent malware is to update your operating system and applications. Malware takes advantage of software bugs in order to spread. When you keep your system up to date, you are preventing a large chunk of malware from being able to infect you. This isn’t a 100% fix, however; that’s where security software comes in.
Use security software – Even with the most diligent attention to keeping your system up to date, it is extremely important to run security software on your devices. As you can see from the report, many new pieces of malware are coming out every day and software vendors cannot release an immediate update for every new vulnerability that is found. Running security software on your PCs, Macs and mobile devices will help fill in the gaps and protect against those new and unknown threats.
As you can see in the report, the bad guys aren’t slowing down. As we rely more heavily on our devices for so much of our everyday lives, it’s becoming increasingly important to make sure we keep our laptops and smartphones safe.