McAfee Lab’s Q1, 2017, 83-page Threat Report shows mobile malware grew 57% and MacOS malware grew 53% - particularly significant in Australia with a higher proportion of Mac users. There were 244 new threats every minute.
McAfee’s Ian Yip, Chief Technology Officer, laments that “There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by malware authors. Many can be purchased off the shelf from the dark web” which helps to explain the huge increases on malware-driven by spam/phishing. The report has a considerable list of Dark Market Evasion Tools and their sale prices!
“This quarter’s report reminds us that evasion has evolved from trying to hide simple threats executing on a single box, to hiding of complex threats targeting enterprise environments over an extended time, to entirely new paradigms such as evasion techniques designed to evade machine learning based protections,” added Yip.
{loadposition ray}
Before Mac users get upset McAfee shows that new Mac OS malware has been boosted by a glut of adware and Windows users, by sheer volume still account for most threat vectors. And mobile malware is largely Android-based as that is where the volume is.
In the top ten targeted industries, Government remains at the top, with individuals next.
The report identified Fareit password stealing software as a major concern. Fareit comes mainly via malicious Word attachments in emails. It sees growth in this area as people, businesses, and governments become increasingly dependent on cloud systems and devices that are protected only by passwords, these credentials are weak or easily stolen, creating an attractive target for cybercriminals.
It identified Steganography as a major method of infiltrating malware and exfiltrating stolen data. It conceals data within images, audio tracks, video clips and text files to avoid detection by security software.
Stegoloader malware code hides itself within am image. Users downloading free “pirated software” download the image along with the software. While the user’s PC is completing the installation process, the image is unlocked and begins to download other malicious software onto the PC. It can either download software that steals information from the infected system or download ransomware that encrypts the PC’s information and holds it for ransomware until a user pays.
McAfee Labs sees network steganography as the newest of hiding data just as unused fields within the TCP/IP protocol headers have been used to hide data. This method is on the rise because attackers can send an unlimited amount of information through the network using this technique.
It says you get what you pay for, and users should be wary of where they get their software. In steganographic malware cases, users must understand that they may find themselves downloading junk software applications and then paying cyber criminals in other ways.
The report is a good read.