
Faceliker Trojan leads the malware race in Q2

02 Oct 2017

McAfee’s latest global Quarterly Threats Report puts rogue Facebook likers, script-based malware, healthcare threats and “mega ransomware” outbreaks at the top of its threat list for September 2017, complementing an overall increase in most types of malware.

According to the report, Facebook became a notable attack vector in Q2 through the use of a Trojan called Faceliker. The Trojan accounted for around 8.9% of the quarter’s 52 million new malware samples.

It works by infecting a user’s browser when they visit compromised or malicious websites. It then hijacks Facebook likes and advertises content without the user’s knowledge or permission. This method can boost advertising revenue for the threat actors as it can make a post look stronger than it actually is.

Vincent Weafer, McAfee Labs vice president, says Faceliker is able to manipulate social communications and apps.

“By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future,” he explains.

The report also highlighted that the healthcare industry across the world is taking a heavier hit than all other sectors with regard to security incident reports. 26% of incidents in Q2 were due to data breaches by accident or human error and the direct result of cyber attacks such as WannaCry.

In Asia Pacific, the public sector reported more incidents in Q2 than any other sector. Financial services and technology rounded out the top three reporters.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess. They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information,” Weafer comments.

Overall, the report found a 67% increase in malware in Q2, attributed to the rise of malware installs and the Faceliker Trojan.

Mac malware detections increased 4% in Q2 to 27,000 detections. Researchers put the mild increase down to a decrease in adware infections.

The report also calls attention to script-based malware delivered through the Microsoft scripting language.

Spam emails are able to deliver malicious PowerShell scripts – techniques that rely on social engineering rather than security vulnerabilities. The scripts then compromise users’ systems.

“The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.”

The report also stresses the importance of organisations spotting adversary activities in their own environment.

“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” explains Ismael Valenzuela, principal engineer, Threat Hunting and Security Analytics at McAfee.

“Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”
