This week, the experts at McAfee Labs released their latest quarterly threats report, which recapped emerging cyber-threats they saw at the end of last year. In addition to some of the trends we know of that afflict big companies and individuals, there are a number of interesting threats that affect users in the federal government space.
One disturbing trend was the proliferation of malicious signed binaries, which grew 52% since our last quarterly report. In other words, these are malicious applications in disguise. The attacker “signs” them with a certificate from a presumably trusted source, and users may think they are accepting an application that they recognize. But this exploit is a wolf in sheep’s clothing. What’s further troubling is that these binaries throw into question the effectiveness of the Certificate Authority model, the primary asset verification structure employed in government agencies. If a hacker can sign malware with a stolen trusted certificate, how does one effectively weed out unwanted programs? In the absence of an alternative to the Certificate Authority model, network administrators will have to be vigilant whenever they’re installing software.
The high-profile attacks we heard about at retailers like Target and Neiman Marcus in late 2013 were part of a growing Cybercrime-as-a-Service (or CaaS) market that Labs researchers also identified in the report. This illicit marketplace, with roots on the Deep Web, allows attackers to easily purchase, modify and employ point-of-service (POS) malware that could then be used against conglomerates, government agencies and individuals. This malware isn’t particularly complicated or expensive for hackers, and it can be quite effective. As we’ve noted before, 80% of cyberattacks could be prevented by following simple cybersecurity best practices – but if that care isn’t taken, relatively simple malware can wreak havoc. Government agencies must keep monitoring in the face of a growing number of simplistic but damaging cyber-attacks. If cybercriminals could execute such large-scale attacks on retailers, they could attempt the same against government agencies. The administrators of federal sites that are citizen-facing and store large amounts of personal information need to be especially vigilant.
The final major trend in the report is the continued growth of mobile malware – up 197% from the end of 2012. This trend, which has grown in prominence and relevance in every quarterly report, shows the continued risk that government agencies have to mitigate as more of their operations go onto portable devices. Mobile computing brings unparalleled speed and convenience to its users, but many mobile devices don’t bear the cybersecurity suites that protect other endpoint devices like PCs. The data that government employees work with on their mobile devices may be sensitive and can be shared or exploited without the proper protection in place. This is especially true in a BYOD setting, where employees are being implicitly trusted to follow security guidelines.
The senior vice president of McAfee Labs, Vincent Weafer, said that late 2013 would be the time that cybercrime became “real” for more people than ever. From mobile attacks to malware black markets to an authority model that you can’t necessarily trust, I’m fully inclined to agree. Watch the McAfee blogs as we delve into these threats further and talk about potential solutions.