[September 01, 2015] |
|
McAfee Labs Report Reviews Five Years of Hardware and Software Threat Evolution
Intel (News - Alert)® Security today released its McAfee
Labs Threats Report: August 2015, which includes a critique
of graphics processing unit (GPU) malware claims, an investigation of
the top cybercriminal exfiltration techniques, and a five-year
retrospective on the evolution of the threat landscape since Intel
Corporation's announcement of the McAfee (News - Alert) acquisition.
McAfee Labs commemorates the five-year anniversary of the Intel-McAfee
union by comparing what researchers thought would happen beginning in
2010 with what actually happened in the realm of hardware and software
security threats. Key researchers and executives reviewed our
predictions on the security capabilities of silicon, the challenges of
emerging hard-to-detect attacks, and our 2010 expectations for new
device types versus the reality of the marketplace.
The five-year threat landscape analysis suggests:
-
Intel Security foresaw threats targeting hardware and firmware
components and threatening runtime integrity
-
Increasingly evasive malware and long-running attacks did not surprise
us but some of the specific tactics and techniques were unimagined
five years ago
-
Although the volume of mobile devices has increased even faster than
we expected, serious broad-based attacks on those devices has grown
much more slowly than we thought
-
We are seeing just the beginnings of attacks and breaches against IoT
devices
-
Cloud adoption has changed the nature of some attacks, as devices are
attacked not for the small amount of data that they store, but as a
path to where the important data resides
-
Cybercrime has grown into a full-fledged industry with suppliers,
markets, service providers, financing, trading systems and a
proliferation of business models
-
Businesses and consumers still do not pay sufficient attention to
updates, patches, password security, security alerts, default
configurations, and other easy but critical ways to secure cyber and
physical assets
-
The discovery and exploitation of core Internet vulnerabilities has
demonstrated how some foundational technologies are underfunded and
understaffed
-
There is growing, positive collaboration between the security
industry, academia, law enforcement and governments to take down
cybercriminal operations
"We were impressed by the degree to which three key factors - expanding
attack surfaces, the industrialization of hacking, and the complexity
and fragmentation of the IT security market - accelerated the evolution
of threats, and size and frequency of attacks," said Vincent Weafer,
senior vice president, Intel Security's McAfee Labs. "To keep pace with
such momentum, the cybersecurity community must continue to improve
threat intelligence sharing, recruit more security professionals,
accelerae security technology innovation, and continue to engage
governments so they can fulfill their role to protect citizens in
cyberspace."
The August report also probes into the details of three
proofs-of-concept (PoC) for malware exploiting GPUs in attacks. While
nearly all of today's malware is designed to run from main system memory
on the central processing unit (CPU), these PoCs leverage the
efficiencies of these specialized hardware components designed to
accelerate the creation of images for output to a display. The scenarios
suggest hackers will attempt to leverage GPUs for their raw processing
power, using them to evade traditional malware defenses by running code
and storing data where traditional defenses do not normally watch for
malicious code.
Reviewing the PoCs, Intel Security agrees that moving portions of
malicious code off of the CPU and host memory reduces the detection
surface for host-based defenses. However, researchers argue that, at a
minimum, trace elements of malicious activity remain in memory or CPUs,
allowing endpoint security products to detect and remediate threats.
McAfee Labs also details techniques cybercriminals use to exfiltrate a
wide variety of information on individuals from corporate networks:
names, dates of birth, addresses, phone numbers, social security
numbers, credit and debit card numbers, health care information, account
credentials, and even sexual preferences. In addition to tactics and
techniques used by attackers, this analysis examines attacker types,
their motivations, and their likely targets, as well as the policies
businesses should embrace to better detect exfiltration.
The August 2015 report also identified a number of other developments in
the second quarter of 2015:
-
Ransomware. Ransomware continues to grow very rapidly - with
the number of new ransomware samples rising 58% in Q2. The total
number of ransomware samples grew 127% from Q2 2014 to Q2 2015. We
attribute the increase to fast-growing new families such as
CTB-Locker, CryptoWall, and others.
-
Mobile slump. The total number of mobile malware samples grew
17% in Q2. But mobile malware infection rates declined about 1% per
region this quarter, with the exception of North America, which
dropped almost 4%, and Africa, which was unchanged.
-
Spam botnets. The trend of decreasing botnet-generated spam
volume continued through Q2, as the Kelihos botnet remained inactive.
Slenfbot again claims the top rank, followed closely by Gamut, with
Cutwail rounding out the top three.
-
Suspect URLs. Every hour in Q2 more than 6.7 million attempts
were made to entice McAfee customers into connecting to risky URLs via
emails, browser searches, etc.
-
Infected files. Every hour in Q2 more than 19.2 million
infected files were exposed to McAfee customers' networks.
-
PUPs up. Every hour in Q2 an additional 7 million potentially
unwanted programs (PUPs) attempted installation or launch on
McAfee-protected networks.
For more information, please read the full report: McAfee
Labs Threats Report: August 2015.
For guidance on how organizations can better protect their enterprise
from the threats detailed in this quarter's report, please visit: Enterprise
Blog.
About McAfee Labs
McAfee Labs is the threat research division of Intel Security and one of
the world's leading sources for threat research, threat intelligence,
and cybersecurity thought leadership. The McAfee Labs team of more than
400 researchers collects threat data from millions of sensors across key
threat vectors-file, web, message, and network. It then performs
cross-vector threat correlation analysis and delivers real-time threat
intelligence to tightly integrated McAfee endpoint, content, and network
security products through its cloud-based McAfee Global Threat
Intelligence service. McAfee Labs also develops core threat detection
technologies-such as application profiling, and graylist management-that
are incorporated into the broadest security product portfolio in the
industry.
About Intel Security
McAfee Labs is now part of Intel Security. With its Security Connected
strategy, innovative approach to hardware-enhanced security, and unique
McAfee Global Threat Intelligence, Intel Security is intensely focused
on developing proactive, proven security solutions and services that
protect systems, networks, and mobile devices for business and personal
use around the world. Intel Security is combining the experience and
expertise of McAfee with the innovation and proven performance of Intel
to make security an essential ingredient in every architecture and on
every computing platform. The mission of Intel Security is to give
everyone the confidence to live and work safely and securely in the
digital world. www.intelsecurity.com.
No computer system can be absolutely secure.
Note: Intel and the Intel and McAfee logos, are trademarks of Intel
Corporation or McAfee, Inc. in the US and/or other countries.
*Other names and brands may be claimed as the property of others.
View source version on businesswire.com: http://www.businesswire.com/news/home/20150831005241/en/
[ Back To Mobile World Congress's Homepage ]
|