McAfee Labs Threat Report 202011


McAfee Labs : 2020 11

COVID-19 2020 1 2 10 McAfee 2 COVID-19 605% McAfee COVID-19
McAfee MVISION Insights Yara IoC MITRE ATT&CK
Christiaan Beek Sandeep Chandana Taylor Dunton Steve Grobman Rajiv Gupta Tracy Holden Tim Hux Kevin McGrath Douglas McKee Lee Munson Kaushik Narayan Joy Olowo Chanung Pak Chris Palm Tim Polzer Sang Ryol Ryu Raj Samani Sekhar Sarukkai Craig Schmugar



—Raj Samani
Twitter @Raj_Samani
1 10 McAfee 2 COVID-19 605%

MalBus Google Play ONE Store
Ripple20
OneDrive


McAfee® Labs 2020 2 Advanced Threat Research
1 2
6 COVID-19
6 RDP
McAfee 10
McAfee
McAfee Labs 2020 2 1 419 1 44 (12%)
()
: McAfee Labs, .
4
1
2






2 McAfee Labs 2020 2 561 ( ) 2020 1 22% 29% 30% 10%







3 McAfee 2020 2 3 McAfee MVISION 750








4 2020 2 47% 29% 25% 27%












5 2020 2 91% 25% 10% 14% 28%












SQLi
DDoS



6 2020 2 35% (17%) (9%)


2020 2
McAfee Labs 2020 2 1 419 12%
PowerShell Donoff PowerShell 117%
Microsoft 365 103% PowerShell Donoff
25% Android Mobby
25% Hashbuster
Linux 22% Gafgyt (IoT) Mirai (IoT)
Android Mobby 15%
IoT 7% Gafgyt Mirai
iOS 77% Tiniv
21% Exploit-CVE-2010-2568
JavaScript 18% JavaScript
Mac OS 8% Shlayer Bundlore














2020 1 4 45%
CISO
McAfee Center for Public Policy Innovation (CPPI) Homeland Security Dialogue Forum (HSDF) Securing the Complex Ecosystem of Hybrid Cloud

CISO 3
1.
2.
3.



AWS, Azure, GCP

AWS
RSA McAfee CTO AWS
AWS (IMDS) IMDS IAM IAM IAM S3




S3 S3 Google


S3 IAM S3
IP
S3


MITRE ATT&CK 43 1 https://attack.mitre.org/matrices/enterprise/cloud/
AWS
S3 S3 AWS S3


1. CVE-2020-16170 –
2. CVE-2020-16168 –
3. CVE-2020-16167 –
4. CVE-2020-16169 –
temi temi
McAfee 2020 3 5 Robotemi Global Ltd. ATR 2020 7 15 temi Robox OS 120 Android 1.3.7931 Robotemi


temi
temi Android 1 360 LIDAR3 5 (IMU) temi
Robotemi temi Web Connected Living Kellog Collabera temi McAfee Advanced Threat Research 1,000 temi McAfee
temi McAfee
MalBus Google Play ONE Store McAfee Mobile Research MalBus MalBus Google Play ONE Store ONE Store 3 Android 3,500 ( 70% ) 2018 Apple
Google Play ONE Store
McAfee® Mobile Security Android/MalBus
7 ONE Store


McAfee ONE Store 27 28 ONE Store 26 29 ONE Store ONE Store 29 Google Play 26

libMovie.so PlayMovie
XOR curl libJni.so libJni.so (RC) Libfunc
C


MalBus
Ripple20 6 16 CISA ICS-CERT Treck TCP/IP 19 JSOF Ripple20
ARP IP ( 4 6) ICMPv4 UDP TCP DNS DHCP Treck
( )
Ripple20 Shodan treck 1,000 Treck ( Linux Windows )


Ripple20 ( Treck IoT )
Ripple20
CISA ( )


(VPN) VPN VPN VPN
DNS DNS DNS DoH
IP


OneDrive OneDrive
COVID-19 COVID-19


WordPress OneDrive Microsoft
OneDrive
OneDrive
McAfee
McAfee COVID-19 — COVID-19
MVISION Insights —
McAfee —
Raj Samani
Christiaan Beek
John Fokker
Steve Povolny
Eoin Carroll
Thomas Roccia
Douglas McKee
McAfee Labs Advanced Threat Research McAfee Labs McAfee Advanced Threat Research Web McAfee Labs McAfee Advanced Threat Research
https://www.mcafee.com/enterprise/ja-jp/threat-center/mcafee-labs.html
Ripple20