The McAfee Labs Threats Report: May 2015 has recorded a 165 per cent surge in new ransomware in the 2015 first quarter, with McAfee praising Adobe for its speed in addressing 42 Adobe Flash vulnerabilities during the quarter.
McAfee stated the new strains of ransomware comprise a new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and new versions of CryptoWall, TorrentLocker and BandarChor.
“McAfee Labs attributes CTB-Locker’s success to clever techniques for evading security software, higher-quality phishing emails, and an ‘affiliate’ program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages,” McAfee stated.
Meanwhile, Adobe Flash malware samples surged 317 per cent, with attackers shifting their focus from Java archive and Microsoft Silverlight vulnerabilities.
McAfee has attributed this to a number of factors, including: the popularity of Flash as a technology, user delay in applying available Flash patches, and new methods to exploit product vulnerabilities, along with a steep increase in the number of mobile devices that can play Flash files, and the difficulty of detecting some Flash exploits.
However, while Flash malware is on the rise, Adobe has been proactive in addressing security concerns. McAfee noted that of 42 new Flash vulnerabilities submitted to the National Vulnerability Database in the first quarter, Adobe made initial fixes available for all 42 vulnerabilities on the same day they were posted.
“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” Vincent Weafer, McAfee Labs senior vice president, commented.
“This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity – industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues.”
McAfee additionally noted that an outfit called Equation Group, which became known to the cybersecurity community earlier in the year, has been exploiting HDD and SSD firmware, with the malware loading each time the system boots and persisting even if drives are reformatted or the operating system is reinstalled.
Once a drive is infected, security software cannot detect the associated malware, which is stored in a hidden area of the drive, McAfee noted.
“We have closely monitored both academic proofs-of-concept and in-the-wild cases of malware with firmware or BIOS manipulation capabilities, and these Equation Group firmware attacks rank as some of the most sophisticated threats of their kind,” Weafer commented.
“While such malware has historically been deployed for highly targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future.”
The report additionally found that while mobile malware is on the rise, PC malware saw a slight decline in quarter one.
McAfee attributed the decline in PC malware primarily to the activity of one adware family, SoftPulse, which, having spiked in the 2014 fourth quarter, returned to normal levels in quarter one. Meanwhile, the number of new mobile malware samples jumped by 49 per cent from quarter four to quarter one.