Network Security Perspective: Malware on a Mission

Last week, as I was preparing for the RSA Security Conference, the McAfee Labs Threats Report was published.  Although preoccupied with my product launch presentation, I realized the information in the report was worth the break because it adds credence to my work-in-progress presentation on our new Comprehensive Malware Protection (CMP) strategy.  CMP is essentially about taking the years of anti-malware technology McAfee has integrated into its core security solutions and ensuring it spans a connected security network, providing a more secure environment by blocking advanced threats across multiple threat vectors.

While one can draw general observations from this report about cybercriminals pushing threats beneath the OS level, trends in digitally signed malware, and a rise in malicious URLs, I would like to share the four trends uncovered this quarter that make it clear that CMP is critical to safeguarding the entire network from malware.

1. Malware growth: It’s a zoo out there

At McAfee, we have a zoo.  Okay, so it’s a “malware zoo,” but it’s wild nevertheless.  Last quarter, McAfee researchers calculated that they discover one new malware sample every second.  We already have more than 113 million samples in our malware zoo and should approach 120 million next quarter. Growth in new malware by quarter is also on a relatively steady, and steepening, path. From a network security standpoint, these facts mean that our solutions need to continue to evolve to protect more and protect faster.

2. Rootkits: Stealthy sneaks

Rootkits continue to be a huge risk to security because they are so stealthy and often very hard to detect and remediate.  Rootkit detection is difficult because a rootkit is designed to evade detection, may be able to subvert the very software intended to find it, and can reside on a system for prolonged periods, even after adequate security has been installed.  According to the report, after rising during most of the past year, the number of new rootkit samples took a steep downturn this quarter. I’m still suspicious.  While the trend is down, I don’t believe we are out of the woods yet when it comes to rootkits.

3. AutoRun malware: Walks in through the front door

McAfee Labs has seen a very significant uptick in AutoRun malware this quarter, almost regaining the record high point it reached in the second quarter of 2010.  AutoRun malware often hides on USB drives and can allow an attacker to take control of a system.  I’m not surprised this is on the rise, since more and more employees are using their home and work devices interchangeably, often unknowingly walking malware right through the organization’s front door and plugging it in.  This is just one reason that organizations must ramp up security to combat the risks inherent in BYOD.
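The mitigation a practitioner would want alongside this trend is to verify that AutoRun is actually turned off on managed Windows endpoints. The script below is an added example and is not code from the McAfee post or a McAfee product; it reads the standard Windows policy value NoDriveTypeAutoRun under both the machine and user Policies\Explorer keys (0xFF disables AutoRun for every drive type, removable USB included), reports whether each hive is compliant, and with -Enforce writes the value. The function name Test-AutoRunDisabled is an assumption of this example.

```powershell
# Added example (not from the McAfee post): audit and optionally enforce the
# Windows AutoRun policy so inserted removable media cannot auto-execute code.
# The registry locations and NoDriveTypeAutoRun are standard Windows policy
# settings; 0xFF disables AutoRun for all drive types. Run elevated for -Enforce.
function Test-AutoRunDisabled {
    [CmdletBinding()]
    param([switch]$Enforce)

    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    foreach ($path in $paths) {
        # Read the current value; absent key/value means AutoRun is not policy-disabled.
        $current = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $disabled = ($null -ne $current) -and ((($current -band 0xFF) -eq 0xFF))

        if (-not $disabled -and $Enforce) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
            $disabled = $true
        }

        [pscustomobject]@{
            Hive               = $path.Split(':')[0]
            NoDriveTypeAutoRun = if ($null -ne $current) { '0x{0:X2}' -f $current } else { '(not set)' }
            AutoRunDisabled    = $disabled
        }
    }
}

# Audit only; add -Enforce to remediate non-compliant hives.
Test-AutoRunDisabled | Format-Table -AutoSize
```

In a domain the same setting is normally pushed by Group Policy (Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies > Turn off AutoPlay, applied to all drives); the script is useful as an independent check that the policy actually landed on a given machine, which is exactly the BYOD gap the post describes.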

4. Suspicious URLs: The malicious webs they weave

I was intrigued to learn from the report that suspicious URLs are replacing botnets as the primary distribution method for malware.  An analysis of web threats found that the number of new suspicious URLs increased by 70 percent in the fourth quarter, with 95 percent of these URLs hosting malware, exploits, or code designed specifically to compromise computers. This upward trend confirms that a multi-layered defense with strong web protection and anti-malware must be implemented across a business network.

From the trends uncovered in the McAfee Threats Report: Fourth Quarter 2012, you can see that malware is at the center of much of the activity.  Using data from McAfee’s Global Threat Intelligence (GTI) network and the skills of McAfee Labs’ team of over 500 researchers, we can stay current with, and ahead of, developing threats.  With this intelligence, we continue to hone and develop our defenses and grow our CMP strategy, one that weaves anti-malware protection to and through all of our network defenses.
