I can pretty much sum up the McAfee Labs Threats Report in these four words: “we’re still in trouble.” While we all hope things are getting better, according to this well-researched report things aren’t only still getting worse, they are getting worse at an increasing rate of speed.
We got a little bit of a reprieve when software more aggressively moved to the more secure 64-bit architecture, but apparently this reprieve was short-lived, and even rootkits, which had been on the decline, have started to increase again.
Apparently there are huge numbers of people with programming skills who have discovered relatively safe, illegal ways to make money by stealing from us.
Let’s deal with the really scary stuff in the report first. If you look at total mobile malware, McAfee had only identified a few thousand instances in the first quarter of 2012. They are now tracking nearly 4M unique forms of malware targeting mobile devices. In terms of new mobile malware we are running at about 800,000 instances a quarter, with the rate of increase holding relatively steady at around 15% per quarter. This is mobile only.
One piece of good news is that ransomware, malware that bricks your device and then asks for a ransom to give you back access, appears to be on the decline, likely because more and more people are using cloud storage to back up their critical files so they don’t have to pay the ransom. It is down to about half of where it was in the second quarter of 2013.
Web attacks through hostile URLs have more than doubled in a year, going from nearly 8M instances to over 18M in that time. The servers hosting dangerous content are located mostly in the US, along with phishing sites and spam URLs, suggesting a general failure of US law enforcement to curtail this activity. We generally blame Russia, China or some other country, but it appears we are the source of much of our own pain.
I imagine many of these servers have been hijacked, but even so, liability could flow to the company running the hostile server. This also suggests a massive unreported potential liability for some of these firms.
64-bit systems are being penetrated because legitimate code-signing keys have been stolen and circulated to gain access to them. Signed malware has gone from 1M instances in the 4th quarter of 2012 to nearly 3M today.
Network attacks by order of prevalence are DoS 25%, brute force 18%, browser 16%, worm 9%, RPC 4%, and scan 4%, with the remaining 24% spread across a wide variety of other areas. This breakdown supports McAfee’s recent switch to focus more on reporting attempted breaches rather than just successful ones. Most of these look like they can be mitigated if the attempt is identified and addressed, and the volume of attacks suggests the damage connected to a full breach will increasingly be catastrophic.
A lot of malware is getting onto phones through games or fake Adobe updates and attacking services like Google Wallet or Facebook’s WhatsApp, both of which are identified by name in the report.
One fake Adobe update looks for Google Wallet and then operates in the background to send the cash it contains to the attacker. It is rather impressive how it gets around the authentication steps. The report recommends that app developers take steps to prevent these attacks, but until one is held liable I wouldn’t hold my breath that they’ll do it. This suggests that employees, particularly executives, should not be using personal messaging systems like WhatsApp on business phones, and that anything going on the phone, especially games, should be coming from an IT-approved and curated application store.
One interesting statistic is that botnet mining, especially on mobile devices, isn’t profitable. The problem is that users of botnet software designed to do this aren’t aware of that, and the folks who sell this software are certainly not going to point out that using it isn’t profitable. This kind of suggests that simply pointing out that users of botnet software are themselves being scammed might best address the botnet problem.
Flappy Bird spawned a massive number of malware-infected clones. The game that started the craze was pulled, which created a huge market for copies, and some of those copies were designed to do harm. Given this happened once, it is likely to happen again. A warning against free clones of popular games, maintaining a game whitelist, or using MDM that only allows whitelisted games would seem to be a good way to mitigate what will undoubtedly be a recurring problem.
Much of what McAfee has identified can be mitigated, but only if there is a focused attempt to both understand the threats and change your approach to address them. The numbers clearly show that the threat of a major breach is increasing at a near exponential rate, and that the old saying that there are two kinds of companies – ones that have reported a breach and ones that haven’t reported one yet – is going to become increasingly true. You can’t hide from this increasing problem. If you try, there is no doubt it will come back and bite you in the hindquarters.
Personally I look forward to the day when I get a report like this and don’t have a “holy crap” moment. I doubt I’ll live long enough.