A ransomware revival leads to 2.2 billion stolen credentials on the dark web in Q1

In a new report, McAfee Labs said cybercriminals were focusing on attacking weak IoT devices and extracting huge troves of data from large companies.


Researchers at cybersecurity firm McAfee called the past months "the quarter of data dumps" in an alarming report released on Wednesday. 

The 40-page survey of the security landscape found that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground this quarter, and that hackers had even figured out ways to break into Wi-Fi-enabled coffee makers.

"The impact of these threats is very real," said Raj Samani, McAfee fellow and chief scientist.

"It's important to recognize that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyberattack, there is a human cost."

Just one month ago, former Amazon engineer Paige A. Thompson was arrested and charged for allegedly stealing the personal data of over 106 million Americans and Canadians in addition to taking data from more than 30 other companies.

McAfee Labs research found 504 new threats per minute in the first four months of the year. Cybercriminals were adapting quickly to security measures and were innovating constantly with new tactics and code.
 
 
Almost 70% of all attacks used spearphishing to gain their first access, but many hackers were now targeting remote access points that can be easily overtaken through brute-force attacks or outright bought on the cybercriminal underground.
 
Once a remote access point is taken over, cybercriminals can gain administrative privileges and full rights to distribute files and execute malware throughout corporate networks.
 
"After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach," said Christiaan Beek, McAfee lead scientist.

"Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project," Beek said.
 
The report pointed out that cryptomining has become a huge industry for hackers targeting Apple users. It found that new coin malware had increased by nearly 30% this quarter and that a malware named CookieMiner was focusing on Apple devices to get bitcoin wallet credentials.
 
IoT devices are becoming hubs of activity for hackers looking for a way into systems in homes and at companies. McAfee had to notify a company that makes internet-connected coffee machines enabled with the Wemo IoT platform because its researchers found easy ways into the system.
 
"Research revealed that a third party could access the network and control scheduling, causing either burned coffee or possibly even a fire. The manufacturer patched the original template vulnerability and released new firmware. However, McAfee found another vulnerability in the same product not covered by the updates," they wrote in the report.
 
McAfee found that total IoT malware grew 154% over the past four quarters, and it will only continue as more people buy internet-connected devices.
 
"Most businesses, from Fortune 500s to mom-and-pop shops, will likely deal with a security breach or vulnerability disclosure at some point," Steve Povolny, head of Advanced Threat Research at McAfee, says in the report.
 
"Those who are proactive and very public in addressing the issue have an opportunity to reinforce consumer trust and confidence. By engaging with the research team and coordinating on the mitigation and communication of the issue, vendors can set themselves apart in industries that are facing further security scrutiny from customers, shareholders, and the general public."

Despite the large number of data dumps, McAfee noted that incidents targeting the Asia-Pacific region increased by more than 100 percent, yet attacks in the Americas and Europe declined nearly 3% and 2% respectively.
