December 9, 2014
Intel Security today released its McAfee Labs November 2014 Threats Report, including an analysis of threat activity in the third quarter of 2014, and the organization’s annual 2015 Threats Predictions for the coming year. The report details a third quarter filled with threat development milestones and cyber events exploiting long-established Internet trust standards.
McAfee Labs forecasts a 2015 threat landscape shaped by more attacks exploiting these standards, new attack surfaces in mobile and Internet of Things (IoT), and increasingly sophisticated cyber espionage capabilities, including techniques capable of evading sandboxing detection technologies.
In the third quarter, McAfee Labs detected more than 307 new threats every minute, or more than five every second, with mobile malware samples growing by 16% during the quarter, and overall malware surging by 76% year over year. The researchers also identified new attempts to take advantage of Internet trust models, including secure socket layer (SSL) vulnerabilities such as Heartbleed and BERserk, and the continued abuse of digital signatures to disguise malware as legitimate code.
In 2015, McAfee Labs predicts malicious parties will seek to extend their ability to avoid detection over long periods, with non-state actors increasingly adopting cyber espionage capabilities for monitoring and collecting valuable data over extended targeted attack campaigns. The researchers predict more aggressive efforts to identify application, operating system, and network vulnerabilities, and an increasing focus on the limitations of sandboxing technologies as hackers attempt to evade application- and hypervisor-based detection.
“The year 2014 will be remembered as ‘the Year of Shaken Trust,’” said Vincent Weafer, senior vice president, McAfee Labs, part of Intel Security. “This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner.
“Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data. Ultimately, we need to get to a security model that’s built-in by design, seamlessly integrated into every device at every layer of the compute stack.”