SAN JOSE, Calif.--(BUSINESS WIRE)--McAfee Corp. (Nasdaq: MCFE), the device-to-cloud cybersecurity company, today released its McAfee Threats Report: June 2021, examining cybercriminal activity related to malware and the evolution of cyber threats in the first quarter of 2021. The quarter saw cyber adversaries shift from low-return, mass-spread ransomware campaigns toward fewer, customized Ransomware-as-a-Service (RaaS) campaigns targeting larger, more lucrative organizations. A proliferation in 64-bit CoinMiner applications drove the growth of cryptocurrency-generating coin mining malware by 117%. Additionally, a surge in the growth of new Mirai-based malware variants drove increases in malware targeting Internet of Things (55%) and Linux (38%) systems.
"Criminals will always evolve their techniques to combine whatever tools enable them to best maximize their monetary gains with the minimum of complication and risk," said Raj Samani, McAfee fellow and chief scientist. "We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see Ransomware as a Service supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals."
Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.
Ransomware
Ransomware declined by 50% in Q1 due in part to a shift by attackers from broad campaigns attacking many targets with the same samples to campaigns attacking fewer, larger targets with unique samples. Campaigns using one type of ransomware to infect and extort payments from many victims are notoriously "noisy" in that hundreds of thousands of systems will, in time, begin to recognize and block these attacks. By allowing attackers to launch unique attacks, RaaS affiliate networks are allowing adversaries to minimize the risk of detection by large organizations' cyber defenses and then paralyze and extort them for large ransomware payments. This shift is reflected by the decline in prominent ransomware family types from 19 in January 2021 to 9 in March 2021.
Despite the high-profile attacks from the DarkSide RaaS group exposed in Q2 2021, REvil was the most detected in Q1, followed by the RansomEXX, Ryuk, NetWalker, Thanos, MountLocker, WastedLocker, Conti, Maze and Babuk strains.
Coin Miner Malware
While prominent ransomware attacks have focused attention on how criminals use ransomware to monetize their crimes with payments in cryptocurrency, a first-quarter 117% surge in the spread of cryptocurrency-generating coin mining malware can be attributed to a sharp spike in 64-bit CoinMiner applications.
Rather than locking up victims' systems and holding them hostage until cryptocurrency payments are made, Coin Miner malware infects compromised systems and silently produces cryptocurrency using those systems' computing capacity for the criminals that designed and launched such campaigns. The advantage to cybercriminals is that there is zero interaction required of both the perpetrator and the victim. While the victim's computers may operate slower than usual due to the coin miner's workload, victims may never become aware that their system is creating monetary value for criminals.
"The takeaway from the ransomware and coin miner trends shouldn't be that we need to restrict or even outlaw the use of cryptocurrencies," Samani continued. "If we have learned anything from the history of cybercrime, criminals counter defenders' efforts by simply improving their tools and techniques, sidestepping government restrictions, and always being steps ahead of defenders in doing so. If there are efforts to restrict cryptocurrencies, perpetrators will develop new methods to monetize their crimes, and they only need to be a couple steps ahead of governments to continue to profit."
Threats & Victims
Overall Malware Threats. The first quarter of 2021 saw the volume of new malware threats average 688 threats per minute, an increase of 40 threats per minute over Q4 2020.
IoT & Linux Devices. A variety of new Mirai malware variants drove increases in the Internet of Things (IoT) and Linux malware categories in Q1. The Moobot family (a Mirai variant) was observed to be mass-spread and accounted for multiple Mirai variants. These variants all exploit vulnerabilities in IoT devices like DVRs, webcams and internet routers. Once a device is exploited, the malware hides on the system, downloads later stages of the malware and connects with the command-and-control server (C2). When the compromised IoT devices are connected to their botnet, they can be commandeered to participate in DDoS attacks.
Industry Sectors. McAfee tracked a 54% increase in publicly reported cyber incidents targeting the technology sector during the first quarter of 2021. The Education and Financial/Insurance sectors followed with 46% and 41% increases respectively, whereas reported incidents in Wholesale/Retail and Public Sector declined by 76% and 39% respectively.
Regions. These incidents surged 54% in Asia and 43% in Europe, but declined 13% in North America. While reported incidents actually declined 14% in the United States, these incidents grew 84% in France and 19% in the United Kingdom.
Resources:
About McAfee Labs and Advanced Threat Research
McAfee Labs and McAfee Advanced Threat Research are a leading source for threat research, threat intelligence, and cybersecurity thought leadership. With data from over a billion sensors across key threat vectors—file, web, message, and network—McAfee Labs and McAfee Advanced Threat Research deliver real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.
About McAfee
McAfee Corp. (Nasdaq: MCFE) is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates consumer and business solutions that make our world a safer place. www.mcafee.com
McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.