Intel Security today released its McAfee Labs Threats Report: August 2015, which includes a critique of graphics processing unit (GPU) malware claims, an investigation of the top cybercriminal exfiltration techniques, and a five-year retrospective on the evolution of the threat landscape since Intel Corporation’s announcement of the McAfee acquisition.
The full report can be found on this link (PDF).
The five-year threat landscape analysis suggests:
- Intel Security foresaw threats targeting hardware and firmware components and threatening runtime integrity.
- Increasingly evasive malware and long-running attacks did not surprise Intel, but some of the specific tactics and techniques were unimagined five years ago.
- Although the volume of mobile devices has increased even faster than it was expected, serious broad-based attacks on those devices has grown much more slowly than we thought.
- We are seeing just the beginnings of attacks and breaches against IoT devices.
- Cloud adoption has changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides.
- Cybercrime has grown into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
- Businesses and consumers still do not pay sufficient attention to updates, patches, password security, security alerts, default configurations, and other easy but critical ways to secure cyber and physical assets.
- The discovery and exploitation of core Internet vulnerabilities has demonstrated how some foundational technologies are underfunded and understaffed.
- There is growing, positive collaboration between the security industry, academia, law enforcement, and governments to take down cybercriminal operations.
The August report also probes into the details of three proofs-of-concept (PoC) for malware exploiting GPUs in attacks. While nearly all of today’s malware is designed to run from main system memory on the central processing unit (CPU), these PoCs leverage the efficiencies of these specialized hardware components designed to accelerate the creation of images for output to a display.
The scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defences by running code and storing data where traditional defences do not normally watch for malicious code.
Reviewing the PoCs, Intel Security agrees that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defences. However, researchers argue that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.
McAfee Labs also details techniques cybercriminals use to exfiltrate a wide variety of information on individuals from corporate networks: names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences.
In addition to tactics and techniques used by attackers, this analysis examines attacker types, their motivations, and their likely targets, as well as the policies businesses should embrace to better detect exfiltration.
The August 2015 report also identified a number of other developments in the second quarter of 2015:
- Ransomware. Ransomware continues to grow very rapidly
- Mobile slump. The total number of mobile malware samples grew 17 per cent in Q2.
- Spam botnets. The trend of decreasing botnet-generated spam volume continued through Q2, as the Kelihos botnet remained inactive.
- Suspect URLs. Every hour in Q2 more than 6.7 million attempts were made to entice McAfee customers into connecting to risky URLs via emails, browser searches, etc.
- Infected files. Every hour in Q2 more than 19.2 million infected files were exposed to McAfee customers’ networks.
- PUPs up. Every hour in Q2 an additional 7 million potentially unwanted programs (PUPs) attempted installation or launch on McAfee-protected networks.