Intel Security has released the McAfee Labs Threat Report: September 2016, which assesses the growing threat of ransomware to the healthcare industry, investigates the “who and how” of data loss, explains the practical application of machine learning in cybersecurity, and details the growth of ransomware, mobile malware, macro malware and other threats in Q2 2016.
 
Following an outbreak of premeditated ransomware attacks against hospitals in early 2016, Intel Security investigated these events, the ransomware networks behind them, and the payment structures that make it possible for cybercriminals to profit from their malicious activities. The research identified payments on the order of US$100 thousand made by ransomware victims in hospitals to specific Bitcoin accounts. Although the healthcare industry still represents, in general terms, a small slice of the ransomware “business”, McAfee Labs foresees an increasing number of new industries being placed in the crosshairs of the numerous networks responsible for launching these attacks.
 
In the first half of 2016, Intel Security researchers identified a ransomware creator and distributor who apparently pocketed US$121 million (BTC 189,813) in payments from ransomware operations launched against various industries. Posts on discussion boards in underground networks suggest that the cybercriminal in question racked up profits of US$94 million in the first six months of the year.
 
The size of the operation aligns with McAfee Labs' survey conducted in late October 2015 by its partners at Alliance against Virtual Threats, when the group uncovered a ransomware operation that used the CryptoWall virus strain to extort around US$325 million in a two-month period.
 
The research team attributes the increasing focus on hospitals to their reliance on aging IT systems, medical devices with little or no security, third-party services likely to be common in many organizations, and the need for hospitals to have immediate access to information to provide the best possible care for patients.
 
"As targets, hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, often in life-and-death situations," said Vincent Weafer, VP of McAfee Labs at Intel Security. "New revelations about the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy is fueled by the ability and motivation to explore new industries."
 
2016 Data Loss Prevention Study by Intel Security
 
The second semester report also presents the results of a preliminary survey evaluating data loss incidents, including the types of data leaks, the ways data leaves organizations, and the steps these organizations should take to improve their prevention capabilities against data loss.
 
According to the survey results, financial services and retail organizations have implemented the most comprehensive protections against data loss, a finding attributed by McAfee Labs to organizational responses to the frequency of cyberattacks and the value of data held by companies in these two industries. Having resisted some cyber attacks in the past, healthcare and manufacturing companies have made few investments in IT security, having the least complete resources for data protection.
 
According to the survey, more than 25% of respondents do not monitor sharing or accessing sensitive employee or customer information, and only 37% monitor the use of both, although this number increases to around 50% in larger organizations.
 
The survey results also reveal that approximately 40% of data losses involve some type of physical media, such as flash drives, but only 37% of organizations use monitoring of user activities and physical media connections at the endpoint that could contain such incidents. While 90% of respondents claim to have implemented cloud protection strategies, only 12% are confident in being able to visualize their data activity in the cloud.
 
Weafer concludes: “We will always face challenges in our work to prevent data leakage, regardless of where it is stored and how it is handled. Organizations, however, can learn a lot from the consistent theme of the study, namely the value of broader visibility into events and incidents across the enterprise and the longer lasting value of the data extracted from that monitoring to develop tighter security postures.”
 
 
Threat activities in the second quarter of 2016
 
In Q2 2016, McAfee Labs' global threat intelligence network detected 316 new threats every minute (or more than 5 every second) and found significant increases in ransomware, mobile malware, and macro malware:
 
Ransomware – The 1.3 million new ransomware samples collected in Q2 2016 represent the highest number recorded since McAfee Labs began logging this type of threat. The total number of ransomware samples has increased by 128% in the past year.
 
Mobile malware – The approximately 2 million new mobile malware samples collected represent the highest number recorded to date by McAfee Labs. The total number of mobile malware samples increased by 151% last year.
 
Macro malware – New downloader Trojans such as Necurs and Dridex that spread Locky ransomware generated an increase of more than 200% in new macro malware in Q2.
 
Malware on Mac OS – Lower activity by the OSX.Trojan.Gen adware family reduced new Mac OS malware detections by 70% in Q2.
 
Botnet activity – Wapomi, responsible for spreading worms and downloaders, increased by 8% in Q2. Muieblackcat, runner-up in the last quarter and responsible for opening the door to new exploits, suffered a drop of 11%.
 
Network attacks – The volume of network attacks in the second quarter shows that denial of service attacks increased by 11% in the quarter, thus taking the top spot. Browser attacks dropped by 8% in Q1. These most prevalent attack types were followed by brute force, SSL, DNS, scanning, backdoor and others.
 
 
For more information on the financial impact of ransomware attacks on hospitals, see the blog “Healthcare Organizations Must Consider the Financial Impact of Ransomware Attacks.”
 

 
