Intel Security has released the McAfee Labs Threats Report for November 2014, which includes an analysis of the threats which hit in Q3, and the upcoming spectres we’ll be facing in 2015.
So, during the third quarter, McAfee detected some 307 new threats every minute, with overall levels of malware up a worrying 76 per cent year-on-year. Mobile malware grew as well, up 16 per cent.
There was also a distinct increase in fresh attempts to exploit internet protocols, such as SSL vulnerabilities which reared their heads over the course of 2014 like Heartbleed.
Vincent Weafer, Senior Vice President, McAfee Labs, commented on the various incidents: “The year 2014 will be remembered as ‘the Year of Shaken Trust.’ This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organisations’ abilities to protect their data, and organisations’ confidence in their ability to detect and deflect targeted attacks in a timely manner.”
He further noted: “Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data. Ultimately, we need to get to a security model that’s built-in by design, seamlessly integrated into every device at every layer of the compute stack.”
So what sort of threats can we expect to emerge next year? McAfee reckons one theme will be your “average” malware author attempting to use malware that avoids detection for a lengthy period, to sit on a device and collect as much data as possible – expect cyber-espionage for the masses, essentially.
There will also be increased targeting of Internet of Things devices, Point of Sale (POS) attacks, and a growth in mobile attack vectors, with an increased availability of malware generation kits which will let less skilled cyber-criminals more easily target smartphones.
The tremors of Shellshock will also be felt for some time, with McAfee noting: “McAfee Labs predicts that the aftershocks of Shellshock with be felt for many years given the number of potentially vulnerable Unix or Linux devices, from routers to TVs, industrial controllers, flight systems, and critical infrastructure.”