Highlights from the June 2016 McAfee Labs Threats Report.

Vincent Weafer, Senior Vice President, Intel Security

June 15, 2016

3 Min Read

Mobile malware continues its relentless growth, with infection rates steadily climbing over the past 12 months, approaching 10% of all reporting devices according to the June 2016 McAfee Labs Threats Report. Total Mac OS malware almost doubled during Q1 2016, but the total of almost 100,000 Mac OS malware samples is just a tiny fraction of the nearly 10 million total mobile malware or 575 million total malware samples. Ransomware continues to grow fast as inexperienced attackers increasingly use off-the-shelf exploit kits to easily deploy ransomware.

Mobile Collusion

In the mobile area, researchers from McAfee Labs uncovered mobile apps in the wild working together to exfiltrate mobile data. These colluding apps use interprocess messaging techniques that enable a high-privilege app to pass sensitive information to another app, which then sends the data to its control server in the cloud. Neither of the apps appears malicious when its code is examined individually by the app market or other security defenses. It is only when they are examined together that their malicious intent is revealed. Specific threat types identified include information theft, financial theft, and service misuse.

Hashing Vs. Processor Performance

Increasing processor performance has enabled an incredible range of new applications and devices. Unfortunately, it also reduces the time and cost to impact hashing functions, which are integral to maintaining trust on the internet. When receiving a message or file, a “hash,” or summary of the contents, is verified to confirm that the message is authentic, has not been altered, and is from the sender. To make this work, hashes have to be expensive and time-consuming to duplicate from different messages or files. Processor performance has increased to a point where some older hashing functions are easily cracked. MD5, a hashing algorithm popular in the 1990s, had its viability questioned in 2006. Today, a duplicate hash value can be generated in less than one second. Researchers are now questioning the ongoing viability of the SHA-1 hashing function. It still takes months to duplicate a SHA-1 hash, but since it can take years to adopt a new hashing algorithm, it is time to begin the process now to replace digital certificates based on SHA-1.

Pinkslipbot Trojan Returns

First appearing in the wild in 2007, the Trojan Pinkslipbot went dormant for a couple of years but returned to its previous peak sample rate in Q1. This malware steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account of the system, all valuable information. It also aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness. It can now disable web reputation products, will shut down if a virtual machine or a debugger is detected, and can change folder permissions to defend itself against antimalware tools.

For more information on these topics, you can download the full McAfee report here.

About the Author(s)

Vincent Weafer

Senior Vice President, Intel Security

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team is dedicated to advancing the research and intelligence gathering capabilities required to provide the latest protection solutions in malware, host and network intrusion, email, vulnerability, regulatory compliance, and web security.

Vincent has an extensive range of experience gained over 25 years in the information technology industry, including 11 years as the leader of Symantec's Security Response team. He is also a highly regarded speaker on Internet security threats and trends, with coverage in national and international press and broadcast media. He has been invited to testify on multiple government committees including the States Senate Committee on the Judiciary hearing on Combating Cyber Crime and Identify Theft in the Digital Age in April 2010, the United States Sentencing Commission's Public Hearing on Identity Theft and Restitution Act of 2008 in March 2009, and the United States Senate Committee on Commerce, Science, and Transportation on Impact and Policy Implications of Spyware onConsumers and Businesses in June 2008. In addition he has presented at many international conferences and was a committee member of the IEEE Industry Connections Study Group (ICSG) 2009-2010, and has also co-authored a book on Internet Security.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights