Connections +

McAfee Labs reports new ransomware surged 165% in Q1 2015

June 9, 2015  

Intel Security today released its McAfee Labs Threats Report: May 2015, which includes revelations on the rapid proliferation of new ransomware, HDD and SSD firmware attacks by the Equation Group computer espionage group, and a major increase in malware targeting Adobe Flash multimedia software.

In the first quarter of 2015, McAfee Labs said it registered a 165% increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker, and BandarChor.

McAfee Labs attributes CTB-Locker’s success to clever techniques for evading security software, higher-quality phishing emails, and an “affiliate” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages.

It recommended that “organizations and individuals make it a priority to learn how to recognize phishing emails.”

The first quarter also saw new Adobe Flash malware samples increase by 317%. Researchers attribute the rise to several factors: the popularity of Adobe Flash as a technology; user delay in applying available Adobe Flash patches; new methods to exploit product vulnerabilities; a steep increase in the number of mobile devices that can play Adobe Flash files (.swf); and the difficulty of detecting some Adobe Flash exploits. Researchers are seeing a continued shift in focus among exploit kit developers, from Java archive and Microsoft Silverlight vulnerabilities to Adobe Flash vulnerabilities.

“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” said Vincent Weafer, senior vice president of McAfee Labs.

The report also identified a number of other developments, including:

  • PC Malware Growth. The first quarter saw a slight decline in new PC malware, a development primarily due to the activity of one adware family, SoftPulse, which spiked in Q4 2014 and returned to normal levels in Q1 2015. The McAfee Labs malware “zoo” grew 13% during that time, and now contains 400 million samples.
  • Mobile Malware. The number of new mobile malware samples jumped by 49% from Q4 2014 to Q1 2015.
  • SSL-Attacks. SSL-related attacks continued in Q1 2015, although they tapered off in number relative to Q4 2014. This reduction is likely the result of SSL library updates that have eliminated many of the vulnerabilities exploited in prior quarters, McAfee said. Shellshock attacks are still quite prevalent since their emergence late last year, it added.
  • Spam Botnets. The Dyre, Dridex, and Darkmailer3.Slenfbot botnets overtook Festi and Darkmailer2 as the top spam networks, pushing pharmaceuticals, stolen credit cards, and “shady” social-media marketing tools.

An interview with Chris Young, head of Intel Security, who spoke at an event in Toronto today, will appear in the next issue of Connections+.

