Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee Labs Threats Report: September 2018, which features digital assistants, cryptocurrencies, and cybercriminal gangs up to no good. Overall, it’s been an eventful quarter.
So, what are the key takeaways for you? Notably, our team has continued to track a downward trend in new malware attacks for the second successive quarter. Good news on the surface, but that trend may not be indicative of much; as we also saw a spike in new malware in Q4 2017. We’ll continue to watch this into next year. Significantly, we found that a good portion of net new malware is designed for mobile, which increased 27 percent over the previous quarter. In addition, here’s a look at the other trending stories we uncovered.
Digital Assistants
Digital assistants are advanced programs that we can converse with to research, act on our behalf and overall help make our digital lives more comfortable. Siri, Bixby and Google Assistant are few. But one digital assistant, Microsoft’s Cortana, is a little too helpful. The good news, Microsoft quickly rolled out a fix for this vulnerability to protect your Windows 10 computer. Be sure your software is up to date.
Cryptocurrency
The second story involves cryptocurrencies. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain. Blockchains, by their nature, are relatively secure. But an account that is connected to a blockchain — usually, in this case, associated with a cryptocurrency — is not. And that’s where cybercriminals are focusing their efforts, with coin miner malware up 86% in Q2 2018.
Our report found cybercriminals are chasing after access to cryptocurrencies and they’re doing so using familiar tactics. For example, phishing attacks — where cybercriminals pose as someone else online — are popular tools to take over a cryptocurrency-related account. Malicious programs are also deployed to collect passwords and other information related to an account before stealing virtual currency. You can read more about blockchain and cryptocurrency vulnerabilities here.
Malicious Apps
Finally, the McAfee Mobile Research team found a collection of malicious applications facilitating a scam in the Google Play store. The apps in question siphon money from unwary users through billing-fraud. Billing-fraud collects money from victims for “using” a “premium” service, such as sending texts to a particular number.
In this case, the cybercriminal ring known as the AsiaHitGroup Gang attempted to charge at least 20,000 victims for downloading fake or copied versions of popular applications. To increase its potential, AsiaHitGroup Gang is using geolocation to target vulnerable populations.
So, what can you do to stay safe in the face of these threats? Here are three quick tips:
- Limit device access. If you can, limit the ability and access a digital assistant has to your device. Often, you can adjust where and how an assistant is activated through your settings. Otherwise, update your software regularly, as many updates contain security fixes.
- Create strong passwords. If you’re participating in the cryptocurrency market, then make sure you use strong, robust passwords to protect your accounts. This means using upper case, lower case, symbols and numbers for passwords that are 12 characters long. Afraid you might forget the key to your account? Consider using a password manager.
- Be careful what you download. Always do some light research on the developer of a mobile application. If the information is hard to come across or absent, consider using an alternative program. Additionally, never download mobile applications from third-party app stores. Genuine stores, like Google Play and Apple’s App Store, should provide you with what you need.
And, of course, stay informed. To keep atop of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.