Ransomware sees 165 percent increase in 2015
The first quarter of this year saw a 165 percent increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
This is the main finding of the latest McAfee Labs Threats Report released today by Intel Security. Among other highlights are a 317 percent increase in Adobe Flash malware samples and the emergence of new efforts to exploit hard drive and SSD firmware.
Part of the CTB-Locker ransomware's success is down to clever techniques for evading security software, higher-quality phishing emails, and an 'affiliate' program that offers accomplices a percentage of any ransom payments in return for flooding cyberspace with CTB-Locker phishing messages.
McAfee Labs suggests that organizations and individuals need to learn how to recognize phishing emails and has launched an online quiz to help develop your skills.
The rise of Flash malware is put down to the popularity of Adobe Flash as a technology, user delay in applying available patches, new methods to exploit product vulnerabilities, a steep increase in the number of mobile devices that can play Adobe Flash files (.swf) and the difficulty of detecting some Flash exploits. In the first quarter 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database though initial fixes were made available for all 42 on the same day they were posted.
"With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users," says Vincent Weafer, senior vice president, McAfee Labs. "This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity -- industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues".
The HDD and SSD firmware issues were uncovered in February 2015 when the cybersecurity community became aware of efforts by a secretive outfit called Equation Group. McAfee Labs has analyzed modules that could be used to reprogram the firmware in SSDs in addition to previously-reported HDD reprogramming capability. Once reprogrammed, the firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled. Once infected, security software can't detect the associated malware which is stored in a hidden area of the drive.
Other findings are a slight decline in PC malware growth but a jump in mobile malware samples of 49 percent. SSL attacks have continued too although they're down on the levels reported in the last quarter of 2014.
There's more detailed information in the full report which is available as a PDF on the McAfee Labs website.