McAfee Labs Threats Report Highlights Surge in Ransomware, Flash Exploits, Firmware Attacks

By on

This blog post was written by Rick Simon.

McAfee today released the McAfee Labs Threats Report: May 2015. Along with the usual compilation of threats statistics, it focuses on three key topics:

  • A surge in powerful and clever ransomware that encrypts files and holds them hostage until the ransom is paid.
  • New Adobe Flash exploits target the growing number of vulnerabilities that have not been patched by users or enterprises.
  • Persistent and virtually undetectable attacks by the Equation Group that reprogram hard disk drives and solid state drive firmware.

 

The Equation Group: exploiting hard disk and solid state drive firmware

In February, news broke about a rare but extremely sophisticated attack campaign. The “Equation Group,” named for their affinity for complex encryption schemes, is thought to be behind the attacks. The most alarming discovery is that the Equation Group’s malware includes hard disk drive and solid state drive reprogramming modules. Once reprogrammed, a compromised system remains infected even if the hard drive is reformatted or the operating system is reinstalled. Further, the reprogrammed firmware and associated malware are undetectable by security software. This marks the first time in a Threats Report that McAfee Labs has examined a firmware-based attack.

We also focus on two familiar faces—ransomware and Adobe Flash exploits—because McAfee Labs saw massive increases in new samples this quarter from both types of threat.

 

Ransomware returns: new families emerge with a vengeance

For ransomware, we attribute much of its growth to a new, hard-to-detect ransomware family—CTB-Locker—and its use of an “affiliate” program to quickly flood the market with phishing campaigns, leading to CTB-Locker infections. With the newly discovered Tox malware, an off-the-shelf application that lets users build their own ransomware, we expect ransomware to continue its meteoric rise.

 

Adobe Flash: a favorite of designers and cybercriminals

McAfee Labs attributes the rise in Flash exploits to the steady increase in the number of Flash vulnerabilities; user and enterprise delay in the application of software patches for those vulnerabilities; new, creative methods to exploit them; a steep increase in the number of mobile devices that can play Flash .swf files; and the difficulty of detecting Flash exploits.

Enterprise delay in patching software was highlighted in a recent report from NopSec. NopSec cross-correlated data from the National Vulnerability Database’s CVE system, which documents known vulnerabilities, with data from their own customers’ environments. They found that the fastest average time to remediation was 50 days in the case of cloud providers. For financial services providers, the average time to remediation was an astounding 176 days. Unpatched vulnerabilities represent an incredible window of opportunity for cybercriminals.

Leave a Comment

Similar articles

Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can ...
Read Blog
This post was written with contributions from the McAfee Advanced Threat Research team.   The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download ...
Read Blog
Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a ...
Read Blog