Mar 31 2016

Quarterly Threat Report: What Do the Numbers Mean to Me?

Every quarter, the team at McAfee Labs releases a threat report detailing the latest trends in malware and cybersecurity. This “Cyber State of the Union” provides a lot of great insights but may seem a bit overwhelming to someone who doesn’t work in the security industry. We’ve reached a point where information security impacts practically everyone, so I thought it would be a good idea to go through the report and put some context around the numbers.

The first thing we want to look at is the total malware number. As you would expect, our Labs team finds a lot of malware.

Total Malware

As of the end of 2015, our total collected malware was approaching 500 million unique samples. Almost half a billion threats running around out there! What really puts that number into perspective is the far left of the chart: at the beginning of 2014, there were barely over 200 million malware samples. So over the course of 2 years, the amount of malware has more than doubled. If malware were rain, we have gone from “better take an umbrella” to “get your galoshes.”

The next important number we need to look at is “Total Mobile Malware.” This is the number of unique malware samples targeting a mobile operating system, and it includes tablets running Android and iOS as well.

Mobile Malware Totals

There are two points to pay attention to in this chart. At the beginning of 2014, the total was around 4 million, but by the end of 2015 it was slightly over 12 million. That’s more than triple in 2 years. A number of factors contributed to this increase, but overall it shows that cybercriminals are paying much more attention to attacking people on their smartphones and tablets. It makes a certain amount of sense if you think about it. We do more and more on our smartphones every day, from shopping to paying our bills, which makes them a much more enticing target. For more information on the state of mobile malware and why we’re seeing such huge increases, you can check out my previous post on the topic, or read the full Mobile Threat Report.

Think Macs don’t get malware?

Total Mac OS Malware

Your eyes were drawn to the huge upswing in 2015, right? As we moved into 2015, we saw a huge uptick in malware targeting Macs. Historically there has been the urban myth that Macs are more secure than PCs, when in reality it’s just a matter of targets of opportunity. There have historically been more PCs in circulation, and a cybercriminal wants malware that will infect the largest number of systems possible. As the number of Macs in use continues to grow, we expect to see an increase in the amount of malware targeting the Mac OS. If you have a Mac, you are not immune to malware.

And last, but certainly not least, we have ransomware.

Total Ransomware

If you’re not familiar with ransomware, please take a moment to read my previous post. Ransomware has proven to be a low-risk, high-reward way for cybercriminals to cash in. As you can see, the amount of ransomware doubled in 2015 alone. There are a number of reasons for this, including ransomware-as-a-service and do-it-yourself ransomware kits that make it extremely easy for someone with little to no coding ability to launch a ransomware attack. Enough people infected with ransomware find themselves without adequate backup or recovery options that cybercriminals continue to profit from this method.

Key Takeaways

  1. The total number of malware samples has doubled in the past 2 years, reaching almost half a billion unique samples.
  2. Malware targeting smartphones and tablets has tripled in the past 2 years, showing that cybercriminals are paying much more attention to mobile devices.
  3. Attacks against Macs are increasing dramatically. If you have a Mac, you are not immune to attack.
  4. Ransomware continues to grow. This threat impacts everyone, from people at home to small businesses to large organizations.

How do I stay safe?

  1. Update: Keeping your devices up to date with the latest security and operating system patches is a great first line of defense against malware. Malware targets software bugs to infect your system, so installing the latest patches can help reduce your risk.
  2. Be suspicious: Cybercriminals use the standard tried-and-true methods for spreading ransomware, so take extra care not to click on a suspicious link or attachment. What makes it suspicious? Maybe it’s an oddly worded email pretending to be your bank asking for more information. It could be an unexpected attachment from someone in your contact list. If you weren’t expecting someone to send you an attachment, call or text them to double check.
  3. Run anti-virus on your system: While the two steps above will keep a lot of malware out, it is still very important to run anti-virus on your system to protect against new exploits that aren’t yet fixed by an update, or against attacks like drive-by downloads. The cost of anti-virus software will be dramatically less than what cybercriminals will demand in ransom!
  4. Backup, backup, backup: Most malware can be very difficult to completely remove from your system once it has wormed its way in, so sometimes the only way to be completely clean is to restore from a backup. If your system becomes encrypted due to ransomware, your only options may be to pay the ransom, restore from a backup, or lose your files completely. There are many options out there for backing up your data reliably and safely.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

Stay safe!

Mar 31 2016

Weakness in iOS enterprise hooks could let bad apps sneak in

A slide from Check Point's presentation on "SideStepper" showing a malicious server pushing a fraudulent application to an iOS 9 device--all thanks to MDM hacking and Apple enterprise developer certificates. (credit: Check Point Software Technologies Ltd.)

Security researchers at Check Point Software claim to have found a weakness in Apple's mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed "SideStepper," the approach could allow an attacker to hijack enterprise management functions and bypass Apple's application security.

By sending a link to a victim's device, someone could take control of the MDM software on the phone and push potentially malicious applications to the device as well as perform other configuration changes as a remote administrator. While Apple's security screening for the applications it allows into its App Store is rigorous, there is a backdoor left in the screening process: enterprise app stores. And new research by Check Point being presented at Black Hat Asia 2016 shows that even with security improvements in iOS 9, attackers can kick that backdoor in by hijacking the enterprise management connection.

As long as they've registered with Apple's enterprise developer program to get a software signing certificate, attackers can social engineer victims into consenting to install applications that expose nearly every aspect of their phone's settings and data simply by abusing enterprise policy settings.

Mar 31 2016

Most prevalent Android ransomware in the West arrives in Japan

Android.Lockdroid ransomware expands to Asia by targeting Japan first. The malware poses as a system update and locks the device from use.

Mar 30 2016

Maryland hospital group hit by ransomware launched from within [Updated]

Baltimore's Union Memorial is one of the hospitals hit by Samsam, an autonomous ransomware strain spread by exploiting JBoss servers. (credit: MedStar)

Baltimore's Union Memorial Hospital is the epicenter of a malware attack upon its parent organization, MedStar. Data at Union Memorial and other MedStar hospitals in Maryland have been encrypted by ransomware spread across the network, and the operators of the malware are offering a bulk deal: 45 bitcoins (about $18,500) for the keys to unlock all the affected systems.

Reuters reports that the FBI issued a confidential urgent "Flash" message to the industry about the threat of Samsam on March 25, seeking assistance in fighting the ransomware and pleading, "We need your help!" The FBI's cyber center also shared signature data for Samsam activity to help organizations screen for infections. But the number of potential targets remains vast, and the FBI was concerned that entire networks could fall victim to the ransomware.

According to sources who spoke to the Baltimore Sun, the malware involved in MedStar's outages is Samsam, also known as Samas and MSIL. The subject of a recent confidential FBI cyber-alert, Samsam is a form of malware that uses well-known exploits in the JBoss application server and other Java-based application platforms. As Ars reported on Monday, Samsam uses exploits published as part of JexBoss, an open-source security and penetration testing tool for checking JBoss servers for misconfiguration.