The latest McAfee Labs Threat Report from Intel Security warns of a rapid proliferation of new ransomware attacks, as well as HDD and SSD firmware attacks by a major computer espionage group and more malware targeting Adobe Flash.
According to the report, in the first quarter of 2015 ransomware increased by 165 per cent, largely driven by the new ransomware families CTB-Locker and Teslacrypt, and new versions of CryptoWall, TorrentLocker, and BandarChor. CTB-Locker has had success due to new techniques for evading security software, better phishing emails, and an “affiliate” program that gives those who spread CTB-Locker phishing messages a percentage of the take.
Another area which saw greater activity in Q1 was malware related to Adobe Flash, with samples increasing by 317 per cent. McAfee researchers attribute the increase to the popularity of Flash, user delay in applying available patches, greater mobile device compatibility with Flash files, and new methods to exploit product vulnerabilities.
“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” said Vincent Weafer, senior vice-president of McAfee Labs, in a statement. “This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity – industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues.”
A new group of cybercriminals called the Equation Group has also emerged, which according to McAfee seeks to exploit HDD and SSD firmware by reprogramming firmware modules so that the drive reloads malware each time it boots, even if the drive has been reformatted or the OS reinstalled; security software cannot detect the malware because it is stored in a hidden area of the drive.
“We at Intel take hybrid software-hardware threats and exploits seriously,” said Weafer. “We have closely monitored both academic proofs of concept and in-the-wild cases of malware with firmware or BIOS manipulation capabilities, and these Equation Group firmware attacks rank as some of the most sophisticated threats of their kind. While such malware has historically been deployed for highly-targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future.”
The quarter also saw a slight decline in new PC malware, and a 49 per cent spike in mobile malware. SSL-related attacks continued, albeit at a slower pace, and spam botnets pushing pharmaceuticals, stolen credit cards, and “shady” social-media marketing tools became the top spam networks.