Monday 24 September 2018

Cryptocurrency mining malware is only going to get worse according to McAfee report

McAfee has published its latest threat report which highlights a big spike in cryptocurrency-related malware.

The McAfee Labs Threat Report for September found that malware which engages in cryptocurrency mining – using your PC’s resources behind your back to mine coins for someone else – nearly doubled in the second quarter of this year, with an 85% increase. In total, 2.5 million new samples were found, and McAfee discovered what appeared to be older strains of malware, like ransomware, retooled to target cryptocurrency.

That isn’t surprising given the amount of news we’ve seen coming through of these various crypto-mining exploits popping up all over the place, for example, in games on Steam or Kodi add-ons.

McAfee also found that malware which is designed to exploit software vulnerabilities shot up by 151% during Q2, much of it being repurposed spins on WannaCry and NotPetya.

Christiaan Beek, Lead Scientist and Senior Principal Engineer at McAfee, commented: “WannaCry and NotPetya provided cybercriminals compelling examples of how malware could use vulnerability exploits to gain a foothold on systems and then quickly propagate across networks.

“It’s still surprising to see numerous vulnerabilities from as far back as 2014 used successfully to spearhead attacks, even when there have been patches available for months and years to deflect exploits.”

As for ransomware, that continues to increase steadily, with growth pegged at 57% over the past year. And when it came to mobile malware, McAfee found a 27% increase over the course of the second quarter.

Cortana capers

On the voice assistant front, McAfee reminded us of a flaw in Microsoft’s Cortana which allowed for bypassing the Windows 10 lock screen, found back in June, and patched by Microsoft at that time.

Concerning the Internet of Things and smart home gadgets, McAfee also highlighted a security hole in Belkin’s Wemo smart plug, which the security firm discovered last month. An attacker could potentially use this to remotely open a backdoor on a network, and subsequently meddle with any connected smart home devices (for example, turning your smart TV on or off).

There are likely to be more vulnerabilities which can be leveraged via digital assistants discovered in the near future – McAfee has said it’s already looking more deeply into finding further examples of these – and there will certainly be more holes in IoT gadgets cropping up than you can shake a ‘smart stick’ at.

https://ift.tt/2Dr6mpd

No comments:

Post a Comment