In my network security leadership role, I can often see and sense the shifts in the threat landscape before I get my hands on the invaluable Quarterly Threats Reports from McAfee. I get near real-time updates from my teams and am pulled into conversations daily around suspicious activity, questionable messaging, or illegitimate websites. As I read the McAfee Threats Report: Second Quarter 2013, I was not entirely surprised by the discoveries the McAfee Labs team documented.
The most recent data released from McAfee Labs uncovers some very concerning trends around mobile threats – specifically that Android-based malware grew 35 percent due to the continued proliferation of SMS-stealing banking malware, fraudulent dating and entertainment apps, and malicious apps posing as useful tools. In this post, I’d like to share the stealthy, suspicious and surging threats from a network security perspective. Paying close attention to these trends is critical in the development of our current and future security solutions.
The Stealthy. Ransomware, also called scareware, is a family of malware that takes a computer or its data hostage (by restricting access to the computer system it infects) to extort money from its victims in return for access. Over the past two quarters, McAfee Labs has catalogued more ransomware samples than in all previous periods combined. From a network perspective, it can start with a seemingly innocent click in a streaming video or “pay per install” action, and lead to control by botnets and further infection – actions that pose huge risks to the corporate network. The number of new samples in the second quarter was greater than 320,000, more than twice as many as the previous period, demonstrating the profitability of the tactic.
The Suspicious. The McAfee Labs team is relentless in its search for bad or malicious websites and suspicious URLs – those websites deemed to have malicious reputations because they host malware, potentially unwanted programs, or phishing sites. These threats continue to rise. In fact, at the end of the quarter, McAfee uncovered 74.7 million suspicious URLs, which represent a 16 percent increase over the first quarter. Malicious websites and suspicious URLs embedded in email remain one of the key distribution mechanisms for malware exploits, or codes that have been designed specifically to compromise computers. This upward trending confirms that a multi-layered defense with strong email and web protection, along with anti-malware must be implemented across a business network.
The Surging. Just when you thought spam was merely an inconvenience that would slowly fade away consider that this April, spam volume surpassed 2 trillion messages, the highest figure since December 2010. Global spam volume continued to surge through the second quarter with more than 5.5 trillion spam messages. This means that 7 out of 10 emails being sent are spam – and likely containing some variant of malicious code. These days, spam protection is far more sophisticated than it was 10 years ago, but it is still fallible. That’s why, at McAfee, we continue to maintain our focus on these growing messaging threats. This quarter, malicious URLs and botnets found their way into legitimate-looking, timely emails about prescription drugs, delivery service notifications, and the Boston Marathon.
The stealthy, suspicious, and surging are simply a representation of the security risks that continue to plaque online business communications and breach data networks. These trends were not a huge surprise to me but definitely validate the security course we are taking: a layered approach that combines endpoint and network protection to stop any variant of threat before it can infiltrate the enterprise and exfiltrate data and assets.