The common thread running through this quarter’s McAfee Labs Threats Report: Third Quarter 2013 is about making money – clearly prevalent in the past, but much more obvious and aggressive this quarter. As the leader of the network security business for McAfee, I’m constantly kept abreast of new trends and emerging threats by my developers, researchers and engineers, but this edition of the McAfee Threats Report was eye-opening. Thanks to the hard work of the McAfee Labs team and their published findings, businesses and consumers can be better prepared for the risks that are plaguing cyber activities. In this post, I’ll provide a short overview of the general findings and then share the three major discoveries impacting network security.
This quarter, the McAfee Labs team identified a steady growth in overall malware with an emphasis on mobile, a sharp uptick in worldwide spam, an increase in the use of digital currencies by cybercriminals to maintain anonymity for their illegal activities, the shutdown of the online market Silk Road, and the emergence of the “Deep Web,” an online supply for cybercriminals. Additionally, our researchers believe that advanced malware is showing no sign of changing its steady growth trajectory and is a major factor in the rise of network threats. From a network security perspective, the third quarter was infested with tactics and techniques used to steal or make money through spearphishing and malicious URLs.
Money for Nothing: Ransomware
Ransomware is a family of malware that holds a computer hostage (by restricting access to the computer system it infects) until the victim pays to free it. This extortion is a bad problem on the rise – with over 312,000 new samples discovered this quarter. In addition to using this tactic to extort money from the blindsided and naive user, that innocent click can lead to control by botnets and further infection – actions that pose huge risks to the corporate network. So, not only do criminals walk away with easy money, they often never remove the destructive malware.
The Check is in the Mail: Spam
If you think we’re safe from spam these days, think again. The researchers at McAfee report that after a slight decline in May and June the volume of worldwide spam has more than doubled this quarter – a 125 percent increase over last quarter. Spam volume hasn’t been this high since August 2010. Our researchers believe this marked increase is being driven by legitimate marketing firms purchasing and using mailing lists sourced from less-than-reputable sources. Aside from the inconvenience, the increase in spam can be extremely detrimental and destructive. Uneducated users can fall prey to financial scams with one click on a malicious URL embedded in a legitimate-looking email or reply to very authentic-looking phishing emails that entice them to give up personal information.
Click to Pay: Web Threats
Malicious websites and suspicious URLs embedded in email remain one of the key distribution mechanisms for malware exploits, or codes that have been designed specifically to compromise computers. Our analysis of web threats found that the number of new suspicious URLs – those websites deemed to have malicious reputations because they host malware, potentially unwanted programs, or phishing sites – increased by 14 percent this quarter. In fact, the leading industries suffering phishing attacks are online-auction and financial organizations. Today, the spread of risk is compounded by the 4 trillion spam messages reported in September – the highest volume since 2010.
The Q3 McAfee Threats Report gives us insight into the rise of virtual currency and how it’s starting to fuel the growth of cybercrime, while traditional money-making and money-stealing schemes continue through spam, malware and ransomware. Unfortunately, none of this cybercrime shows any sign of waning. In fact, the upward trending confirms that a multi-layered defense with strong email protection, web protection and anti-malware must be implemented across a business network. As I’ve said before, this strong “Defense in Depth” approach – that combines endpoint and network protection – is critical in preventing any variant of threat from infiltrating the enterprise and exfiltrating money, data and assets.