IN the first quarter (Q1) of 2015, McAfee Labs registered a 165% increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker, and BandarChor.
McAfee Labs attributes CTB-Locker’s success to clever techniques for evading security software, higher-quality phishing emails, and an ‘affiliate’ programme that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages.
The company suggests organisations and individuals make it a priority to learn how to recognise phishing emails, including the use of tools such as the Intel Security Phishing Quiz.
McAfee Labs, a division of Intel Security, has just released its McAfee Labs Threats Report: May 2015, which includes revelations on HDD and SSD (hard disk drive and solid state drive) firmware attacks by the Equation Group computer espionage group, and a major increase in malware targeting Adobe Flash multimedia software.
In a statement, McAfee Labs said the first quarter also saw new Adobe Flash malware samples increase by 317%.
Its researchers attribute the rise to several factors: The popularity of Adobe Flash as a technology; user delay in applying available patches; new methods to exploit product vulnerabilities; a steep increase in the number of mobile devices that can play Adobe Flash files (.swf); and the difficulty of detecting some Adobe Flash exploits.
Researchers are seeing a continued shift in focus among exploit kit developers, from Java archive and Microsoft Silverlight vulnerabilities to Adobe Flash vulnerabilities, McAfee Labs said in its statement.
Forty-two new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database in Q1. On the same day those vulnerabilities were posted, Adobe made initial fixes available for all 42 vulnerabilities.
“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” said Vincent Weafer, senior vice president, McAfee Labs.
“This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity – industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues,” he added.
HDD, SDD firmware attacks
In February 2015, the cybersecurity community became aware of efforts by a secretive outfit called Equation Group to exploit HDD and SSD firmware.
McAfee Labs assessed the reprogramming modules exposed in February and found that they could be used to reprogram the firmware in SSDs, in addition to the previously-reported HDD reprogramming capability.
Once reprogrammed, the HDD and SSD firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled.
Once infected, security software cannot detect the associated malware stored in a hidden area of the drive.
“We at Intel take hybrid software-hardware threats and exploits seriously,” said Weafer.
“We have closely monitored both academic proofs of concept and in-the-wild cases of malware with firmware or BIOS (basic input/ output system) manipulation capabilities, and these Equation Group firmware attacks rank as some of the most sophisticated threats of their kind.
“While such malware has historically been deployed for highly-targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future,” he added.
McAfee Labs advises organisations to take steps to strengthen threat detection at the known initial attack vectors, such as phishing messages with malicious links and malware-infected USB drives and CDs, as well as consider solutions that can help prevent data exfiltration.
The May 2015 report also identified a number of other developments in the first quarter of 2015:
For more information, read the full report here.
Source – https://www.digitalnewsasia.com/digital-economy/165pc-surge-in-new-ransomware-in-q1-2015-mcafee-labs