Crooks Avoid Exposure Using Old Campaigns

AUGUST 4, 2018
McAfee Labs has issued its Threats Report June 2018, which highlights the key research findings and threat trend figures gathered for Q1 2018. A headline finding was a sharp spike in total coin miner malware, which soared by 629% in Q1 to over 2.9 million samples.

The report also covers the complex nation-state threat campaigns, driven by financially and politically motivated crooks, that targeted users and enterprise systems all over the world.

“We have noticed the constant growth of this criminal attempt during the quarter,” the report states. “The objective of the culprits is to monetize their criminal activity by applying the minimum amount of effort, using the least middlemen, and performing their crimes in the shortest time possible and with the minimum risk of detection.”

Bad actors continue to grow more inventive and show an impressive level of technical agility, refining many of the attack schemes that emerged at the end of 2017. With some technical originality, these actors have found new ways to evade detection and mitigation.

Among the main campaigns were Gold Dragon, Lazarus and the cryptocurrency campaigns GhostSecret and Bankshot. “Gold Dragon is a specifically slippery example of fileless malware since it is intended to be evasive, checking on procedures linked to antimalware solutions,” the report stated.

Researchers believe the currently active and highly complex GhostSecret campaign is linked to the international cybercrime group known as Hidden Cobra. The campaign, which “uses a series of implants to correct data from infected systems, is also categorized by its capability to avoid exposure and throw forensic detectives off its trail.”

The Lazarus cybercrime group returned to target international financial companies and Bitcoin users with a new Bitcoin-stealing phishing campaign called HaoBao.

Overall, the June report highlights the efforts of bad actors to refine their methods. To that end, they have shifted from PowerShell to LNK files. “In 2017 we saw a rise in the abuse of caring technologies for malevolent purposes, like PowerShell. In Q1 2018, we saw malevolent actors turn away from PowerShell exploits, which dropped 77%, and take benefit of LNK abilities. New LNK malware rose 59% in Q1.”