Intel Security has released its McAfee Labs Threats Report: May 2015, which includes findings on the rapid proliferation of new ransomware, HDD and SSD firmware attacks by the Equation Group espionage outfit, and a major increase in malware targeting Adobe Flash multimedia software.


In the first quarter of 2015, McAfee Labs registered a 165 percent increase in new ransomware, driven largely by the new, hard-to-detect CTB-Locker family, a new family called TeslaCrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.

McAfee Labs attributes CTB-Locker’s success to clever techniques for evading security software, higher-quality phishing emails, and an “affiliate” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages.

McAfee Labs suggests that organizations and individuals make it a priority to learn how to recognize phishing emails, including through tools such as the Intel Security Phishing Quiz.

The first quarter also saw new Adobe Flash malware samples increase by 317 percent. Researchers attribute the rise to several factors:

  • The popularity of Adobe Flash as a technology
  • User delay in applying available Adobe Flash patches
  • New methods to exploit product vulnerabilities
  • A steep increase in the number of mobile devices that can play Adobe Flash files (.swf)
  • The difficulty of detecting some Adobe Flash exploits

Researchers are also seeing a continued shift in focus among exploit kit developers, from Java archive and Microsoft Silverlight vulnerabilities to Adobe Flash vulnerabilities.

To fully leverage vendor efforts to address vulnerabilities, McAfee Labs urges organizations and individual users to be more diligent in keeping their products updated with the latest security patches.

HDD and SSD firmware attacks

In February 2015, the cyber security community became aware of efforts by a secretive outfit called Equation Group to exploit HDD and SSD firmware. McAfee Labs assessed the reprogramming modules exposed in February and found that they could be used to reprogram the firmware in SSDs in addition to the previously reported HDD reprogramming capability.

Once reprogrammed, the HDD or SSD firmware can reload the associated malware each time the infected system boots, and the malware persists even if the drive is reformatted or the operating system is reinstalled. Because the malware is stored in a hidden area of the drive that the operating system never exposes, security software running on the host cannot detect it once the drive is infected.

Detailed insights from the McAfee Labs Threats Report: May 2015

PC Malware Growth: The first quarter saw a slight decline in new PC malware, a development primarily due to the activity of one adware family, SoftPulse, which spiked in Q4 2014 and returned to normal levels in Q1 2015. The McAfee Labs malware “zoo” grew 13 percent during that time and now contains 400 million samples.

Mobile Malware: The number of new mobile malware samples jumped by 49 percent from Q4 2014 to Q1 2015.

SSL Attacks: SSL-related attacks continued in Q1 2015, although they tapered off in number relative to Q4 2014. This reduction is likely the result of SSL library updates that have eliminated many of the vulnerabilities exploited in prior quarters. Shellshock attacks are still quite prevalent since they emerged in late 2014.

Spam Botnets: The Dyre, Dridex and Darkmailer3.Slenfbot botnets overtook Festi and Darkmailer2 as the top spam networks, pushing pharmaceuticals, stolen credit cards and “shady” social-media marketing tools.

McAfee Labs Threats Report: May 2015 can be downloaded from here

Intel Security released its McAfee Labs Threats Report: February 2015, including assessments of the mobile threat landscape and the failure of mobile app developers to patch critical Secure Sockets Layer [SSL] vulnerabilities, potentially impacting millions of mobile phone users. McAfee Labs also revealed details on the increasingly popular Angler exploit kit, and warned of increasingly aggressive Potentially Unwanted Programs [PUPs] that change system settings and gather personal information without the knowledge of users.

McAfee Labs researchers found that mobile app providers have been slow to address the most basic SSL vulnerability: improper digital certificate chain validation. In September 2014, the CERT Coordination Center [CERT/CC] at Carnegie Mellon University released a list of mobile apps possessing this weakness, including apps with millions of downloads to their credit.


In January, McAfee Labs tested the 25 most popular apps on CERT’s list of vulnerable mobile apps that send login credentials over insecure connections and found that 18 still had not been patched despite public disclosure, vendor notification and, in some cases, multiple version updates addressing concerns other than security. McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. The exposed data included usernames and passwords and, in some instances, login credentials for social networks and other third-party services.

Although there is no evidence that these mobile apps have been exploited, the cumulative number of downloads for these apps ranges into the hundreds of millions. Given these numbers, McAfee Labs’ findings suggest that the choice by mobile app developers to not patch the SSL vulnerabilities has potentially put millions of users at risk of becoming targets of MITM attacks.
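The two overrides that typically produce the improper chain validation described above, beside the platform default an app should rely on, as an added illustration that is not code from the McAfee report or from any of the apps on CERT's list. The class and method names (TlsTrustCheck, rejectsEmptyChain and so on) are the example's own. The offline check at the end tells a trust-all manager apart from a real one without any network traffic: the JDK and Android default trust managers refuse an empty certificate chain, while the "accept everything" override returns normally.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; not from the McAfee report or any listed app.
public class TlsTrustCheck {

    // VULNERABLE: the "accept everything" trust manager behind most of the
    // CERT findings. Any certificate, including an attacker's self-signed
    // one presented during a MITM, passes without a single check.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // VULNERABLE: hostname verification disabled. A certificate that is
    // genuinely valid for attacker.example is then accepted for the app's
    // real API host, so chain validation alone does not save the app.
    static final HostnameVerifier VERIFY_NOTHING = (hostname, session) -> true;

    // HARDENED: the platform's own X509TrustManager, initialised from the
    // system trust store. It validates the full chain, signatures and expiry.
    static X509TrustManager platformTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default system trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Builds an SSLContext from a trust manager, the step vulnerable apps
    // follow with HttpsURLConnection.setDefaultSSLSocketFactory(...).
    static SSLContext contextFor(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }

    // Offline audit: a correct trust manager must refuse an empty chain
    // (the JDK/Android default throws IllegalArgumentException). One that
    // returns normally accepts anything and is the bug CERT reported.
    static boolean rejectsEmptyChain(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return false;
        } catch (CertificateException | IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager platform = platformTrustManager();

        System.out.println("trust-all rejects empty chain: " + rejectsEmptyChain(TRUST_ALL));
        System.out.println("platform rejects empty chain:  " + rejectsEmptyChain(platform));
        System.out.println("VERIFY_NOTHING accepts attacker.example: "
            + VERIFY_NOTHING.verify("attacker.example", null));

        // Both contexts build without error; only the second one actually
        // authenticates the server it talks to.
        contextFor(TRUST_ALL);
        contextFor(platform);
    }
}
```

The same empty-chain probe can be pointed at any X509TrustManager an app installs, which makes it a cheap unit test for the regression the report describes: an app that ships a custom trust manager should assert that rejectsEmptyChain returns true for it, and should not override HostnameVerifier at all unless it also re-implements the name check.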

The Angler exploit kit is a crimeware package that contains easy-to-use attack features and new capabilities such as file-less infection, virtual machine and security product evasion, and the ability to deliver a wide range of payloads including banking Trojans, rootkits, ransomware such as CryptoLocker, and backdoor Trojans.

Some of the highlights of the report are below:

Mobile Malware

McAfee Labs reported that mobile malware samples grew 14 percent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates. At least 8 percent of all McAfee-monitored mobile systems reported an infection in Q4 2014, with much of the activity being attributed to the AirPush ad network.

Potentially Unwanted Programs

In Q4, McAfee Labs detected PUPs on 91 million systems each day. McAfee Labs sees PUPs becoming more and more aggressive, posing as legitimate apps while performing unauthorized actions such as displaying unintended ads, modifying browser settings, or collecting user and system data.

Ransomware

Beginning in Q3, the number of new ransomware samples began to grow again after a four-quarter decline. In Q4, the number of new samples grew 155 percent.

Signed Malware

After a brief drop in new malicious signed binaries, the pace of growth resumed in Q4 with a 17 percent increase in total signed binaries.

Total Malware

McAfee Labs now detects 387 new samples of malware every minute, or more than six every second.

The full McAfee Labs Threats Report: February 2015 can be downloaded from here