REPORT
McAfee Labs Threat Report, December 2017
THREATS STATISTICS
Malware
Incidents
Web and Network Threats
The McAfee Labs count of new malware in Q3 reached an all-time high of 57.6 million new samples, an increase of 10% from Q2.
Introduction
Welcome to the McAfee Labs Threats Report. In this edition, we highlight the statistics gathered by McAfee Labs in Q3 of 2017. The biggest number of the quarter is our count of new malware, which reached an all-time high of 57.6 million new samples, an increase of 10% from Q2. The total count in the McAfee Labs sample database is now more than 780 million. New ransomware rose by 36% this quarter, largely from widespread Android screen-locking malware. The easy availability of exploit kits and dark web sources fuels the rapid creation of new malware.
Some of the biggest malware stories that McAfee covered in Q3 include the data breach at the Equifax credit reporting company; another data breach, through a misconfigured AWS server, at a Verizon customer support supplier; and a remote code execution vulnerability in Apache Struts, a popular component of many websites across the world.
Every quarter, the McAfee Global Threat Intelligence cloud dashboard allows us to see and analyze real-world attack patterns that lead to better customer protection. This information provides insight into attack volumes that our customers experience. See Page 9 for Q3 results.
—Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research Team
Stay Informed
Our Q3 report demonstrates an escalation in threats, not only in these stories and other reports but also in our statistics, which show increases across multiple categories. Staying informed of emerging threats and the tactics employed by malicious actors is essential. McAfee Labs is committed to helping our customers keep up to date. For more information on threats, follow us @McAfee_Labs.
This report was researched and written by:
• Niamh Minihane
• Francisca Moreno
• Eric Peterson
• Raj Samani
• Craig Schmugar
• Dan Sommer
• Bing Sun
Threats Statistics
Malware
Incidents
Web and Network Threats
Malware
[Figure: Total malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total mobile malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New mobile malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
New malware increased by 10% in Q3, to a record high of 57.6 million samples.
New mobile malware jumped by 60% in Q3, fueled by a big increase in Android screen-locking ransomware.
[Figure: Global mobile malware infection rates (percentage of mobile customers reporting infections), by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Regional mobile malware infection rates (percentage of mobile customers reporting infections), Q4 2016 to Q3 2017. Regions: Africa, Asia, Australia, Europe, North America, South America. Source: McAfee Labs, 2017.]
[Figure: New Mac malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total Mac malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total ransomware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New ransomware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New malicious signed binaries, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total malicious signed binaries, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
New ransomware rose by 36% in Q3, boosted by a big increase in Android screen-locking threats.
[Figure: New Faceliker malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total Faceliker malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New macro malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total macro malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
The Faceliker Trojan manipulates Facebook clicks to artificially “like” certain content. To learn more, read this post from McAfee Labs.
[Figure: New PowerShell malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total PowerShell malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New JavaScript malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Total JavaScript malware, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
JavaScript malware fell by 26% in Q3 from an all-time high in Q2. For more on JavaScript threats, see “The rise of script-based malware,” in the McAfee Labs Threats Report, September 2017.
PowerShell malware more than doubled in Q3 compared with Q2. For more on PowerShell threats, see “The rise of script-based malware,” in the McAfee Labs Threats Report, September 2017.
Incidents
McAfee Global Threat Intelligence
Every quarter, the McAfee Global Threat Intelligence cloud dashboard allows us to see and analyze real-world attack patterns that lead to better customer protection. This information provides insight into attack volumes that our customers experience. In Q3, our customers saw the following attack volumes:
• McAfee GTI received on average 45 billion queries per day in Q3.
• McAfee GTI protections against malicious files increased to 40 million per day in Q3 from 36 million in Q2.
• McAfee GTI protections against potentially unwanted programs (PUPs) show a decrease back to typical levels at 45 million per day in Q3 from an abnormal high of 77 million in Q2.
• McAfee GTI protections against medium-risk URLs show an increase to 43 million per day in Q3 from 42 million in Q2.
• McAfee GTI protections against high-risk URLs show an increase to 56 million per day in Q3 from 41 million in Q2.
• McAfee GTI protections against risky IP addresses show a decrease to 48 million per day in Q3 from 58 million per day in Q2.
[Figure: Top 10 attack vectors in 2016–2017 (number of publicly disclosed incidents). Categories: Unknown, Account hijacking, Leak, Malware, DDoS, Targeted, SQL injection, Defacement, W-2 scam, Vulnerability. Source: McAfee Labs, 2017.]
[Figure: Publicly disclosed security incidents by region (number of publicly disclosed incidents), by quarter, Q1 2016 to Q3 2017. Regions: Africa, Americas, Asia, Europe, Multiple, Oceania. Source: McAfee Labs, 2017.]
[Figure: Top 10 targeted sectors in 2016–2017 (number of publicly disclosed incidents). Sectors: Public, Health, People, Education, Finance, Retail, Online services, Software development, Multiple, Entertainment. Source: McAfee Labs, 2017.]
[Figure: Top sectors targeted in North and South America (number of publicly disclosed incidents), Q4 2016 to Q3 2017. Sectors: Health, Public Sector, Education, Finance, Retail, Technology, Entertainment, Hospitality, Online Services, Manufacturing.]
Web and Network Threats
[Figure: New suspect URLs, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New spam URLs, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: New phishing URLs, by quarter, Q4 2015 to Q3 2017. Source: McAfee Labs, 2017.]
[Figure: Spam botnet prevalence by volume in Q3. Segments: Necurs, Gamut, Cutwail, Darkmailer, Lethic, Others. Percentages shown (pairing with segments not preserved): 49%, 39%, 10%, 1%, 2%. Source: McAfee Labs, 2017.]
Gamut remains the most prevalent spamming botnet during Q3, with Necurs a close second. Necurs proliferated several Ykcol (Locky) ransomware campaigns with themes such as “Status Invoice,” “Your Payment,” and “Emailing: [Random Numbers] .JPG” during the quarter.
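[Figure: Top countries hosting botnet control servers in Q3. Segments: Germany, United States, China, Netherlands, France, Russia, Canada, Others. Percentages shown (pairing with segments not preserved): 39%, 14%, 5%, 4%, 28%, 4%, 3%, 3%. Source: McAfee Labs, 2017.]
[Figure: Top malware connecting to control servers in Q3. Segments: Maazben, Wapomi, China Chopper, RedLeaves, Onion Duke, Muieblackcat, Ramnit, Others. Percentages shown (pairing with segments not preserved): 49%, 26%, 5%, 9%, 4%, 3%, 2%, 2%. Source: McAfee Labs, 2017.]
[Figure: Top network attacks in Q3. Segments: Browser, SMB, Denial of service, Brute force, Malware, DNS, Others. Percentages shown (pairing with segments not preserved): 44%, 16%, 13%, 12%, 7%, 4%, 5%. Source: McAfee Labs, 2017.]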
2821 Mission College Blvd., Santa Clara, CA 95054
888.847.8766
www.mcafee.com
About McAfee
McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. By building solutions that work with other companies’ products, McAfee helps businesses orchestrate cyber environments that are truly integrated, where protection, detection, and correction of threats happen simultaneously and collaboratively. By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away. By working with other security players, McAfee is leading the effort to unite against cybercriminals for the benefit of all.
www.mcafee.com.
About McAfee Labs
McAfee Labs is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors—file, web, message, and network—McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.
www.mcafee.com/us/mcafee-labs.aspx.
The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided “as is,” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2017 McAfee, LLC
3708_1117_rp-threats-dec-2017
December 2017