When McAfee Labs publishes its Threats Report each quarter, I tend to struggle with a combination of excitement and anxiety. I get excited to learn about the latest discoveries that plague cyberspace and anxious about whether the technology we continue to develop and hone can adequately protect our business customers. It’s critical information that we use to both fuel our product development efforts and persistently communicate to our customers in order to create awareness and increase education.
In keeping with its usual quality, the Q3 Threats Report is filled with pages of new discoveries, trends, and forecasting. I would, however, like to share three threats that were uncovered this quarter that I believe are the stealthiest and possibly the most dangerous to overall network security.
1. Ransomware: Scary at home, scarier at work
Last quarter, McAfee researchers discovered nearly 100,000 new malware samples per day – which is incredible growth. This quarter, we see malware slowing, but we’ve already topped 100 million samples. While there are many classes of malware and attacks, I think we need to pay particular attention to ransomware. As you know from last quarter’s report, ransomware is a family of malware that takes a computer or its data hostage to extort money from its victims. According to McAfee researchers, the number of unique ransomware samples grew by another 43 percent last quarter, making it one of the fastest growing classes of cybercrime.
With ransomware, many don’t even recognize they have become victims of a crime or that they can actually report it as a crime. Not only is ransomware particularly disturbing to consumers with its sophisticated use of social engineering tactics, but it is a huge risk to the corporate network as the line between employee-owned devices and company devices begins to blur. It can start with a seemingly innocent click in a streaming video or “pay per install” action, and lead to control by botnets and further infection – actions that pose huge risks to the corporate network. The ramifications of Bring Your Own Device (BYOD) are making it clear that organizations must deploy a combination of best practices, process controls, and advanced security – from the network all the way down to the application level.
2. Data Breaches: Databases are serious targets
In my conversations around network security, I often get asked about database security and the prevalence of data breaches. This quarter’s Threats Report discloses that while the volume of data breaches is not exceptionally high, the total number of data breaches from the beginning of 2012 has already surpassed what we uncovered during the full year of 2011. What I find equally interesting and disturbing is that McAfee Labs is predicting an increase in volume and sophistication of data breach attacks in response to an increase in new defensive technologies like biometric and multifactor authentication.
It’s a vicious cycle. While my network security team is currently integrating the most advanced defenses into our various security offerings, McAfee Labs is trying to determine how stolen data will be used in future attacks and if that intelligence can somehow be used to prevent future attacks. Although there are still so many unknowns, there is one thing I know for certain: organizations that deploy a data loss prevention solution have far greater protection no matter what the future holds.
3. Websites: Bad reputations, bad actors, bad news
At McAfee, we are relentless in our search for bad or malicious websites/URLs – those websites deemed to have malicious reputations because they host malware, potentially unwanted programs, or phishing sites. According to the Threats Report, by the end of September, the total number of suspect URLs tallied by McAfee Labs surpassed 43.4 million, which represents a 20 percent increase over the second quarter. In the case of suspect URLs, we’re seeing incredible volume – over 2.7 million per month – with most of them hosting malware, exploits, or code designed specifically to compromise computers. Packing a punch in this website category is phishing. McAfee Labs discovered a trend around financially focused phishing attacks in the third quarter touching on five main areas and hitting some high-profile financial institutions like Wells Fargo, eBay, the IRS, and Amazon.
When I read these reports, I am always blown away by the massive volume of malicious sites developed by malicious people with equally-malicious motives. At the same time, I am incredulous that a business could survive in this environment without a layered web protection solution in place backed by protection equal to McAfee Global Threat Intelligence and McAfee Labs. It seems unthinkable.
I cannot stress enough how critical it is for network security providers to stay one step ahead of the threats and I’m grateful that we have a brilliant team of researchers at McAfee to ensure that we can and that we do. Without the collective data from our quarterly Threats Reports, it would be impossible to develop new defenses and bolster our current defenses to ensure that our enterprise customers are protected from the seemingly innocent website to the highly-calculated network infiltration.
Read the full McAfee Labs Q3 Threats Report here: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2012.pdf