Ransomware jumps 127%, IoT malware on rise too: McAfee
Cloud adoption has changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides.
Ransomware continues to grow very rapidly – with the number of new ransomware samples rising 58 percent in Q2. According to McAfee Labs Threats Report: August 2015 released by Intel, the total number of ransomware samples grew 127 percent from Q2 2014 to Q2 2015.
The security firm attributes the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others.
In Q2, the total number of mobile malware samples grew 17 percent. But mobile malware infection rates declined about 1 percent per region this quarter.
The trend of decreasing botnet-generated spam volume continued through Q2, the report said, as the Kelihos botnet remained inactive. Slenfbot again claims the top rank, followed closely by Gamut, with Cutwail rounding out the top three.
Every hour in Q2 more than 6.7 million attempts were made to entice McAfee customers into connecting to risky URLs via emails, browser searches, etc, the report added. In addition, Every hour more than 19.2 million infected files were exposed to McAfee customers’ networks.
Every hour in Q2 an additional 7 million potentially unwanted programmes (PUPs) attempted installation or launch on McAfee-protected networks.
The report probes three proofs-of-concept (PoC) for malware exploiting graphics processing units (GPUs) in attacks.
While nearly all of today’s malware is designed to run from main system memory on the central processing unit (CPU), these PoCs use the efficiencies of these specialised hardware components designed to accelerate the creation of images for output to a display.
The scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defences by running code and storing data where traditional defences do not normally watch for malicious code.
Reviewing the PoCs, Intel Security agreed that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defenses. However, researchers argued that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.
Additionally, the report also reviews the past five years of hardware and software threat evolution since Intel announced the acquisition of McAfee in August 2010.
The five-year threat landscape analysis suggests:
-- Intel Security foresaw threats targeting hardware and firmware components and threatening runtime integrity.
-- Increasingly evasive malware and long-running attacks did not surprise us but some of the specific tactics and techniques were unimagined five years ago.
-- Although the volume of mobile devices has increased even faster than we expected, serious broad-based attacks on those devices has grown much more slowly than we thought.
-- We are seeing just the beginnings of attacks and breaches against IoT devices.
-- Cloud adoption has changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides.
-- Cybercrime has grown into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
-- Businesses and consumers still do not pay sufficient attention to updates, patches, password security, security alerts, default configurations, and other easy but critical ways to secure cyber and physical assets.
-- The discovery and exploitation of core Internet vulnerabilities has demonstrated how some foundational technologies are underfunded and understaffed.
-- There is growing, positive collaboration between the security industry, academia, law enforcement, and governments to take down cybercriminal operations.