McAfee 3rd Quarter 2013 Threat Report Released

Posted: November 20, 2013 in IT Security News

McAfee Labs today published its quarterly report on the latest threat tendencies – review the details to get a generous portion of statistics and nutty facts.

Traditionally, a ‘cold’ summer period, characterized by relatively low cybercriminal activity, is nine times out of ten followed by a fall wave of devastation that brings new forms of sophisticated threats. With nearly 20 million new malware samples in the quarantine zone, the third quarter of 2013 is no exception. Apart from nasty PC menaces, a surge of Android malware is also observed, with approximately 700k new species and a total of almost 2.8 million.

There are 4 threat tendencies to point out, proving that protection technologies desperately need constant improvements and updates regardless of the user’s status (enterprise or private individual).

1. A 30% increase in the number of attacks on Android-based mobile devices is observed. Typically, the harmful programs target Android’s master key vulnerability, which allows the malefactors to bypass signature checks.
2. Malicious apps backed by certificates perplex millions of users, who face the hard problem of telling infected applications from safe ones.
3. The amount of global spam has increased by 125%.
4. The Deep Web, a phenomenon born of the rapid development of cybercrime (an area that comprises money laundering, drug trafficking, arms trading and many more industries), is becoming more and more visible as criminals’ interest in virtual currencies keeps growing.

Mobile Malware

This quarter the malware catalogue has been replenished with a 700k army of malicious species; however, the same period in 2012 was characterized by a similar splash, followed by a significant decrease of activity in the 4th quarter.

McAfee Labs experts have recently discovered Exploit/MasterKey.A, a hitherto unprecedented Android malware type created to bypass digital signature validation. Taking into account that validation is an essential aspect of Android’s security environment, the operating system’s fans won’t be happy with the news. McAfee Labs professionals have also found a new family of malware designed to download a second-stage payload without any notification once installed.


Signed Malware

A multitude of establishments have developed the habit of building malware detection rules in their firewalls, in conjunction with protection software, that check whether an application comes with a signature. For many years IT specialists believed that certificates issued by a Certificate Authority were safe and valid. However, savvy cybercriminals are well aware of this and take advantage of it by using hijacked certificates or ones obtained from forged CA vendors.

Indeed, the increase in signed malware is quite obvious and is gaining momentum at an impressive speed. A 50% growth in signed malicious applications in the third quarter of 2013 is mostly explained by how easily signed code passes the scanners.

According to McAfee Labs, the share of signed malware has climbed to 5.3% by the fourth quarter of 2013 (compared to 1.3% in 2010). Such an increase may seem insignificant; however, the data makes it clear that nearly 5 million copies are currently circulating in the world of Android. As for the mobile segment, it should be underlined that the trend is even more obvious, characterized by a 25% increase in malware since 2010.

Given the good number of rogue certificates in circulation, it seems that cybercriminals have their own top list. According to information presented at the Focus 2013 conference, a bunch of forged certificates has recently been uncovered: one group of malefactors has used around 1k certificates to spread malware, while another establishment has managed to sign as many as 500 different malware pieces.


Spam Spikes

After a long period of steady growth, global spam has quite unexpectedly experienced an impressive increase in volume as of November 2013. An imposing increase has been reported on a weekly basis since early October, reaching the mark of nearly 4.0 trillion messages. McAfee experts associate the 125% growth with legitimate marketing campaigns that put a lot of effort into email marketing but cooperate with untrustworthy mailing services.

In particular, a good part of the job is done by affiliate marketers, known for playing ball with huge and respectable brands and for using all means necessary, including email marketing, to maximize conversion rates. Even though such mailings do not contain malware, an ordinary user will hardly be able to tell the difference.


Virtual Currencies

One of the most exciting and acute topics of the day, virtual currencies are slowly but steadily paving their way towards global recognition. With the shining example of Bitcoin, a decentralized cryptocurrency that boasts independence from fiat money, virtual currencies may soon find themselves on the crest of a wave. Yankee Group reportedly estimates the market of virtual currencies at $48bn as of the year 2012. Apart from serving a broad variety of purposes and allowing users to make payments for goods and services, the currencies not only represent powerful financial instruments with a tiny set of limits (compared to traditional bank services), but also offer anonymous and difficult-to-track transactions.

Attracted by an imposing number of anonymity benefits, a vast army of cybercriminals has adopted the brand-new opportunity pretty quickly. A drug dealer, for example, takes advantage of virtual currencies to push illicit goods and receive funds while fooling Big Brother. Laundering the revenues from criminal activities is another ‘tempting’ opportunity that attracts criminal organizations. A report published by McAfee Labs (Digital Laundry: An analysis of online currencies, and their use in cybercrime) contains research on the ways virtual currencies are used for an outstanding number of illegal activities, including the drug trade and arms trading. The report also covers the issue of passive exchange platforms’ aiding and abetting, as they contribute to laundering ill-gotten profits. A new direction called the Deep Web has emerged in parallel with virtual currencies; a typical deep web marketplace offers backstreet goods and services exclusively.

Silk Road, a true-to-type online black market representative shut down by the feds on the 1st of October, was perhaps the largest deep web website ever. The marketplace had gained a reputation as a first-string drug distribution spot and a far-famed illegal services center, which is why its closure is perceived as an absolutely crucial moment in the hard-fought war against international crime. However, with all due respect to the achievement, enforcement agencies have managed to win a battle, but not the war, so there is still plenty of work to take care of.


To read the full McAfee Labs Threats Report: Third Quarter 2013, please visit: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
