Starting with the McAfee Labs Threats Report: Fourth Quarter 2013 posted today, we’re taking a fresh approach to its format, content, and supporting materials.
We had several things in mind when developing this new approach:
- Focusing on a few key topics and trends. Those topics will cover top threats or security issues from the quarter; threat concerns–on a rotating basis–surrounding the four IT megatrends: mobile, social, cloud, and big data; and other top issues from the quarter.
- Making the report more engaging, more colorful, easier to understand, and simpler to navigate.
- Including an infographic with each report and making it simple for readers to “lift” key data from the report for use in their reports.
- Continuing to publish the rich set of threats data that we collect through McAfee Global Threat Intelligence. By continuing to publish that data—most of which is in time series—our readers can gain a better understanding of the changing threats landscape.
The journey toward these goals continues and we welcome your feedback.
In this quarter’s report, we discuss four key topics:
- The cybercrime industry and its role in point-of-sale attacks. The cybercrime industry was complicit in making these attacks possible, from the purchase of point-of-sale malware to the anonymous sale and monetization of stolen credit card numbers.
- Malicious signed binaries: Can we trust the Certificate Authority model? For many quarters, we have chronicled the rapid rise of malicious signed binaries. With more than 8 million now cataloged, trust in the Certificate Authority model is eroding. The security industry needs to help users understand which certificates can be trusted.
- Microsoft Office zero-day exploit: Discovered by McAfee Labs. In November, McAfee Labs discovered a zero-day exploit that attacks a vulnerability in Microsoft Office. It is the first known zero-day exploit of the .docx format. This discussion describes how we unpacked the exploit, worked with Microsoft to develop a patch for it, and built defenses into McAfee products to stop it.
- Mobile malware: The march continues. As with malicious signed binaries, we track the rapid growth in mobile malware: 2.4 million new mobile malware samples were added in 2013, up 197% from 2012. This quarter, we explore what appears to be a relationship between apps that “overcollect” mobile device telemetry and apps that contain or enable malware.
Read the report and let us know what you think!