Value perception and adoption: 97% of respondents who report using shared threat intelligence believe that it enables them to provide better protection for their company.
Ransomware accelerates: New ransomware grew rapidly, increasing by 26% over the previous quarter.
Mobile malware jumps: Q415 saw a 72% quarter-over-quarter increase in new mobile malware samples.
Intel Security has released its McAfee Labs Threats Report: March 2016, which assesses the attitudes of 500 cybersecurity professionals toward cyber threat intelligence (CTI) sharing, examines the inner workings of the Adwind remote administration tool (RAT), and details surges in ransomware, mobile malware, and overall malware in Q415.
In 2015, Intel Security interviewed 500 security professionals in a wide variety of industries across North America, Asia Pacific, and Europe to gauge awareness of CTI, its perceived value in enterprise security, and which factors may stand in the way of greater implementation of CTI into security strategies. The findings include:
· Value perception and adoption. Of the 42% of respondents who report using shared threat intelligence, 97% believe that it enables them to provide better protection for their company. Of those participating respondents, 59% find such sharing to be “very valuable” to their organisations, while 38% find sharing to be “somewhat valuable.”
· Industry-specific intelligence. Nine in 10 (91%) of respondents voiced interest in industry-specific CTI, with 54% saying they were “very interested” and 37% responding “somewhat interested.” Sectors such as financial services and critical infrastructure stand to benefit most from such industry-specific CTI given the highly specialised nature of threats McAfee Labs has monitored in these two mission-critical industries.
· Willingness to share. Sixty-three percent of respondents indicate they may be willing to go beyond receiving shared CTI to actually contributing their own data, as long as it can be shared within a secure and private platform. However, the idea of sharing their own information is met with varying degrees of enthusiasm, with 24% responding they are “very likely” to share while 39% are “somewhat likely” to share.
· Sharing malware information. When asked what types of threat data they are willing to share, respondents say behaviour of malware (72%), followed by URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%).
· Barriers to CTI. When asked why they have not implemented shared CTI in their enterprises, 54% of respondents identify corporate policy as the reason, followed by industry regulations (24%). The remainder of respondents whose organisations do not share data report being interested but needing more information (24%), or being concerned that shared data would be linked back to their firms or themselves as individuals (21%). These findings suggest a lack of experience with, or knowledge of, the varieties of CTI integration options available to the industry, as well as a lack of understanding of the legal implications of sharing CTI.
“Given the determination demonstrated by cybercriminals, CTI sharing will become an important tool in tilting the cybersecurity balance of power in favor of defenders,” said Vincent Weafer, VP of Intel Security’s McAfee Labs group. “But our survey suggests that high-value CTI must overcome the barriers of organisational policies, regulatory restrictions, risks associated with attribution, trust and a lack of implementation knowledge before its potential can be fully realised.”
This quarter’s report also assesses the Adwind remote administration tool (RAT), a Java-based backdoor Trojan that targets various platforms supporting Java files. Adwind is typically propagated through spam campaigns that employ malware-laden email attachments, compromised web pages and drive-by downloads. The McAfee Labs Report depicts a rapid increase in the number of .jar file samples identified by McAfee Labs researchers as Adwind, with 7,295 found in Q415, a leap of 426% from 1,388 in Q115.
Q415 threat statistics
· Ransomware accelerates again. After slowing slightly midyear, new ransomware regained its rapid growth rate, with a 26% quarter-over-quarter increase in Q415. Open-source ransomware code and ransomware-as-a-service continue to make it simpler to launch attacks, the Teslacrypt and CryptoWall 3 campaigns continue to extend their reach, and ransomware campaigns continue to be financially lucrative. An October 2015 analysis of the CryptoWall 3 ransomware hinted at the financial scale of such campaigns, when McAfee Labs researchers linked just one campaign’s operations to US$325 million in victim ransom payments.
· Mobile malware jumps. The fourth quarter of 2015 saw a 72% quarter-over-quarter increase in new mobile malware samples, as malware authors appear to have produced new malware faster.
· Rootkit malware collapses. The number of new rootkit malware samples dropped in Q4, continuing a long-term downward trend in this type of attack. McAfee Labs attributes some of this decline, which began in Q311, to ongoing customer adoption of 64-bit Intel processors coupled with 64-bit Microsoft Windows. These technologies include such features as Kernel Patch Protection and Secure Boot, which together help better protect against threats such as rootkit malware.
· Malware rebounds. After three quarters of decline, the total number of new malware samples resumed its ascent in Q4, with 42 million new malicious hashes discovered, 10% more than in Q3 and the second-highest count ever recorded by McAfee Labs. In part, the growth in Q4 was driven by 2.3 million new mobile malware samples, or 1 million more than in Q3.
· Malicious signed binaries decline. The number of new malicious signed binaries has dropped each quarter for the past year, in Q415 reaching the lowest level since Q213. McAfee Labs believes the decline can be attributed in part to older certificates with a significant presence in the dark market, which are either expiring or being revoked as businesses migrate to stronger hashing functions. Also, technologies such as SmartScreen (part of Microsoft Internet Explorer but moving to other parts of Windows) represent additional tests of trust, which might make the signing of malicious binaries less beneficial to malware authors.
Read the full report (PDF)
Source: Intel Security infographic.