Oct 06 2017

Latest Intelligence for September 2017

September saw Symantec uncover new activity by the Dragonfly group, and the start of several new Locky spam campaigns.

Sep 26 2017

McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content

Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool us into clicking on a malicious weblink from what appears to be a benign organization with which we do business. We also see it in the much discussed area of “fake news” on social networks, where readers are likely to take news reports “liked” by friends as legitimate news stories. Much has been written about how “fake news” is promoted by bots and other amplification services, and how such promotion may have had an impact on recent elections.

The McAfee Labs Threats Report: September 2017, released today, identifies a notable surge in similar activity by the Faceliker malware. This Trojan manipulates Facebook account clicks to artificially “like” certain content. Faceliker accounted for about 8.9% of the 52 million new malware samples detected in the quarter. It was a key driver in the 67% overall growth for the category during the period.

Faceliker is not the fault of Facebook. Rather, it is something users bring to Facebook.

Faceliker infects users’ browsers when they visit malicious or compromised websites. It then hijacks their Facebook account clicks in such a way that users think they are liking one thing, but the malware is redirecting the click. It acts on their behalf to click another “like” button without their knowledge or consent, essentially making each user an accomplice in the click fraud scheme.

Users aren’t negatively impacted by the Trojan, but they do appear to over-like certain content, skewing like-ratings through fraudulent inflation. The actors behind malware such as Faceliker sell their services to the actors behind the content.

Suspicious users can remove unrecognized likes by surveying their record of behavior in their activity log. To its credit, Facebook has put up defenses that detect fraudulent likes and ask a user to confirm that they intended to click as their browser appeared to click.

McAfee Labs Vice President Vincent Weafer has commented that as long as there is profit in such efforts, we should expect to see more such schemes in the future.

“Faceliker leverages and manipulates the social media and app-based communications we increasingly use today,” Weafer said. “By making apps or news articles appear more popular, accepted, and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth.”

Please see more threat statistics and trends analysis in this quarter’s report and follow us on Twitter at @McAfee_Labs.

The post McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content appeared first on McAfee Blogs.

Sep 26 2017

McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware

Today we published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics:

  • Earlier this year, WannaCry malware infected more than 300,000 computers in over 150 countries in less than 24 hours. Several weeks later, the malware Petya exploited the same operating system flaw, along with multiple other techniques, to spread to other computers on the same network. These attacks exposed, among other lessons, the continued use of old and unsupported operating systems in critical areas, and they laid bare the lax patch-update processes followed by some businesses. We explore the timeline and background of the WannaCry attack and Petya, its apparent follow-up; the vulnerabilities they exploited; a technical analysis of their infiltration and propagation methods; and our thoughts on the motives for these attacks and what they might lead to.
  • Threat hunting is a growing and evolving capability in cybersecurity, one with a broad definition and wide range of goals, but it is generally seen as a proactive approach to finding attacks and compromised machines without waiting for alerts. Threat hunting enables security operations to study the behaviors of attackers and build more visibility into attack chains. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations today and how they plan to enhance their threat hunting capabilities in the future. We offer detailed advice and recommendations for using certain types of indicators of compromise when hunting for threats.
  • Cyberattackers often use scripting techniques in their assaults. Some attacks employ script-based malware at every stage, while others use it for a specific purpose. Script-based malware—written in the JavaScript, VBS, PHP, or PowerShell scripting languages—has been on the upswing during the last two years for a very simple reason: evasion. Scripts are easy to obfuscate and thus are difficult for security technology to detect. In this Key Topic, we discuss why cybercriminals leverage script-based malware, how script-based malware propagates, the types of malware that use scripts for distribution, ways in which authors obfuscate script-based malware, and how to protect against script-based malware.

Accompanying the first and last Key Topics are Solution Briefs that go into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q2:

  • Malware: New malware samples leaped in Q2 to 52 million, a 67% increase. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
  • Ransomware: New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
  • Mobile malware: Global infections of mobile devices rose by 8%, led by Asia with 18%. Total mobile malware grew 61% in the past four quarters to 18.4 million samples.
  • Incidents: We counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.

Read the McAfee Labs Threats Report: September 2017.

The post McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware appeared first on McAfee Blogs.

Sep 08 2017

Latest Intelligence for August 2017

August saw increases in the malware and spam rates, and new phishing warnings from the IRS.
