March 24, 2016
Intel Security has released its McAfee Labs Threats Report: March 2016, which assesses the attitudes of 500 cybersecurity professionals toward cyber threat intelligence (CTI) sharing, examines the inner workings of the Adwind remote administration tool (RAT), and details surges in ransomware, mobile malware, and overall malware in Q4 2015.
Last year, Intel Security interviewed 500 security professionals in a variety of industries across North America, Asia Pacific, and Europe to gauge awareness of CTI, its perceived value in enterprise security, and which factors may stand in the way of greater implementation of CTI into security strategies.
Of the 42% of respondents who report using shared threat intelligence, 97% believe that it enables them to provide better protection for their company. Of those participating respondents, 59% find such sharing to be “very valuable” to their organizations, while 38% find sharing to be “somewhat valuable.”
A near unanimous 91% of respondents voice interest in industry-specific cyber threat intelligence, with 54% responding “very interested” and 37% responding “somewhat interested.” Sectors such as financial services and critical infrastructure stand to benefit most from such industry-specific CTI given the highly specialized nature of threats McAfee Labs has monitored in these two mission-critical industries.
The report found that 63% of respondents indicate they may be willing to go beyond just receiving shared CTI to actually contributing their own data, as long as it can be shared within a secure and private platform. However, the idea of sharing their own information is met with varying degrees of enthusiasm, with 24% responding they are “very likely” to share while 39% are “somewhat likely” to share.
“Given the determination demonstrated by cybercriminals, CTI sharing will become an important tool in tilting the cybersecurity balance of power in favour of defenders,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. “But our survey suggests that high-value CTI must overcome the barriers of organizational policies, regulatory restrictions, risks associated with attribution, trust and a lack of implementation knowledge before its potential can be fully realized.”
This quarter’s report also assesses the Adwind remote administration tool (RAT), a Java*-based backdoor Trojan that targets various platforms supporting Java files. Adwind is typically propagated through spam campaigns that employ malware-laden email attachments, compromised Web pages and drive-by downloads.