McAfee Labs Threat Report, December 2017

THREATS STATISTICS: Malware, Incidents, Web and Network Threats

Introduction

Welcome to the McAfee Labs Threats Report. In this edition, we highlight the statistics gathered by McAfee Labs in Q3 of 2017.

The biggest number of the quarter is our count of new malware, which reached an all-time high of 57.6 million new samples, an increase of 1% from Q2. The total count in the McAfee Labs sample database is now more than 78 million. New ransomware rose by 36% this quarter, largely from widespread Android screen-locking malware. The easy availability of exploit kits and dark web sources fuels the rapid creation of new malware.

Some of the biggest malware stories that McAfee covered in Q3 include the data breach at the Equifax credit reporting company; another data breach, through a misconfigured AWS server, at a Verizon customer support supplier; and a remote code execution vulnerability in Apache Struts, a popular component of many websites across the world.

Every quarter, the McAfee Global Threat Intelligence cloud dashboard allows us to see and analyze real-world attack patterns that lead to better customer protection. This information provides insight into attack volumes that our customers experience. See Page 9 for Q3 results.

Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research Team

Stay Informed

Our Q3 report demonstrates an escalation in threats, not only in these stories and other reports but also in our statistics, which show increases across multiple categories. Staying informed of emerging threats and the tactics employed by malicious actors is essential. McAfee Labs is committed to helping our customers keep up to date. For more information on threats, follow us @McAfee_Labs.

This report was researched and written by: Niamh Minihane, Francisca Moreno, Eric Peterson, Raj Samani, Craig Schmugar, Dan Sommer, Bing Sun

Threats Statistics

Malware
Incidents
Web and Network Threats

Malware

[Figures: New malware; Total malware. X-axis: 2015 to 2017.]

New malware increased by 1% in Q3, to a record high of 57.6 million samples.

[Figures: New mobile malware; Total mobile malware. X-axis: 2015 to 2017.]

New mobile malware jumped by 6% in Q3, fueled by a big increase in Android screen-locking ransomware.

[Figure: Regional mobile malware infection rates (percentage of mobile customers reporting infections). Regions: Africa, Asia, Australia, Europe, North America, South America. Series: Q4 2016, Q1 2017, Q2 2017, Q3 2017.]

[Figure: Global mobile malware infection rates (percentage of mobile customers reporting infections). X-axis: 2015 to 2017.]

[Figures: New Mac malware; Total Mac malware. X-axis: 2015 to 2017.]

[Figures: New ransomware; Total ransomware. X-axis: 2015 to 2017.]

New ransomware rose by 36% in Q3, boosted by a big increase in Android screen-locking threats.

[Figures: New malicious signed binaries; Total malicious signed binaries. X-axis: 2015 to 2017.]

[Figures: New macro malware; Total macro malware. X-axis: 2015 to 2017.]

[Figures: New Faceliker malware; Total Faceliker malware. X-axis: 2015 to 2017.]

The Faceliker Trojan manipulates Facebook clicks to artificially "like" certain content. To learn more, read this post from McAfee Labs.

[Figures: New JavaScript malware; Total JavaScript malware. X-axis: 2015 to 2017.]

JavaScript malware fell by 26% in Q3 from an all-time high in Q2. For more on JavaScript threats, see "The rise of script-based malware," in the McAfee Labs Threats Report, September 2017.

[Figures: New PowerShell malware; Total PowerShell malware. X-axis: 2015 to 2017.]

PowerShell malware more than doubled in Q3 compared with Q2. For more on PowerShell threats, see "The rise of script-based malware," in the McAfee Labs Threats Report, September 2017.

Incidents

[Figure: Publicly disclosed security incidents by region (number of publicly disclosed incidents). X-axis: Q1 2016 to Q3 2017. Regions: Africa, Asia, Multiple, Americas, Europe, Oceana.]

[Figure: Top 10 attack vectors in 2016-2017 (number of publicly disclosed incidents). Vectors: Unknown, Account hijacking, Leak, Malware, DDoS, Targeted, SQL injection, Defacement, W-2 scam, Vulnerability.]

McAfee Global Threat Intelligence

Every quarter, the McAfee Global Threat Intelligence cloud dashboard allows us to see and analyze real-world attack patterns that lead to better customer protection. This information provides insight into attack volumes that our customers experience. In Q3, our customers saw the following attack volumes:

McAfee GTI received on average 45 billion queries per day in Q3.

McAfee GTI protections against malicious files increased to 4 million per day in Q3 from 36 million in Q2.

McAfee GTI protections against potentially unwanted programs (PUPs) show a decrease back to typical levels at 45 million per day in Q3 from an abnormal high of 77 million in Q2.

McAfee GTI protections against medium-risk URLs show an increase to 43 million per day in Q3 from 42 million in Q2.

McAfee GTI protections against high-risk URLs show an increase to 56 million per day in Q3 from 41 million in Q2.

McAfee GTI protections against risky IP addresses show a decrease to 48 million per day in Q3 from 58 million per day in Q2.

[Figure: Top sectors targeted in North and South America (number of publicly disclosed incidents). Sectors: Health, Public Sector, Education, Finance, Retail, Technology, Entertainment, Hospitality, Online Services, Manufacturing.]

[Figure: Top 10 targeted sectors in 2016-2017 (number of publicly disclosed incidents). Sectors: Public, Health, People, Education, Finance, Online services, Multiple, Retail, Entertainment, Software development.]

[Legend shown with these charts: Q4 2016, Q1 2017, Q2 2017, Q3 2017.]

Web and Network Threats

[Figure: New suspect URLs. X-axis: 2015 to 2017.]

[Figure: Spam botnet prevalence by volume in Q3. Botnets: Gamut, Necurs, Cutwail, Darkmailer, Lethic, Others.]

Gamut remains the most prevalent spamming botnet during Q3, with Necurs a close second. Necurs proliferated several Ykcol (Locky) ransomware campaigns with themes such as "Status Invoice," "Your Payment," and "Emailing: [Random Numbers].JPG" during the quarter.

[Figures: New spam URLs; New phishing URLs. X-axis: 2015 to 2017.]

[Figure: Top malware connecting to control servers in Q3. Families: Wapomi, Maazben, China Chopper, RedLeaves, Onion Duke, Muieblackcat, Ramnit, Others.]

[Figure: Top countries hosting botnet control servers in Q3. Countries: United States, Germany, China, Netherlands, France, Russia, Canada, Others.]

[Figure: Top network attacks in Q3. Categories: SMB, Browser, Denial of service, Brute force, Malware, DNS, Others.]

About McAfee

McAfee is one of the world's leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. By building solutions that work with other companies' products, McAfee helps businesses orchestrate cyber environments that are truly integrated, where protection, detection, and correction of threats happen simultaneously and collaboratively. By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away. By working with other security players, McAfee is leading the effort to unite against cybercriminals for the benefit of all.

About McAfee Labs

McAfee Labs is one of the world's leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threats vectors (file, web, message, and network), McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

www.mcafee.com/us/mcafee-labs.aspx
www.mcafee.com

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided "as is," without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. December 2017.