Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
6/14/2016
01:46 PM
Vincent Weafer
Vincent Weafer
Partner Perspectives
50%
50%

Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns

Highlights from the June 2016 McAfee Labs Threats Report.

Mobile malware continues its relentless growth, with infection rates steadily climbing over the past 12 months, approaching 10% of all reporting devices according to the June 2016 McAfee Labs Threats Report. Total Mac OS malware almost doubled during Q1 2016, but the total of almost 100,000 Mac OS malware samples is just a tiny fraction of the nearly 10 million total mobile malware or 575 million total malware samples. Ransomware continues to grow fast as inexperienced attackers increasingly use off-the-shelf exploit kits to easily deploy ransomware.

Mobile Collusion

In the mobile area, researchers from McAfee Labs uncovered mobile apps in the wild working together to exfiltrate mobile data. These colluding apps use interprocess messaging techniques that enable a high-privilege app to pass sensitive information to another app, which then sends the data to its control server in the cloud. Neither of the apps appears malicious when its code is examined individually by the app market or other security defenses. It is only when they are examined together that their malicious intent is revealed. Specific threat types identified include information theft, financial theft, and service misuse.

Hashing Vs. Processor Performance

Increasing processor performance has enabled an incredible range of new applications and devices. Unfortunately, it also reduces the time and cost to impact hashing functions, which are integral to maintaining trust on the internet. When receiving a message or file, a “hash,” or summary of the contents, is verified to confirm that the message is authentic, has not been altered, and is from the sender. To make this work, hashes have to be expensive and time-consuming to duplicate from different messages or files. Processor performance has increased to a point where some older hashing functions are easily cracked. MD5, a hashing algorithm popular in the 1990s, had its viability questioned in 2006. Today, a duplicate hash value can be generated in less than one second. Researchers are now questioning the ongoing viability of the SHA-1 hashing function. It still takes months to duplicate a SHA-1 hash, but since it can take years to adopt a new hashing algorithm, it is time to begin the process now to replace digital certificates based on SHA-1.

Pinkslipbot Trojan Returns

First appearing in the wild in 2007, the Trojan Pinkslipbot went dormant for a couple of years but returned to its previous peak sample rate in Q1. This malware steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account of the system, all valuable information. It also aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness. It can now disable web reputation products, will shut down if a virtual machine or a debugger is detected, and can change folder permissions to defend itself against antimalware tools.

For more information on these topics, you can download the full McAfee report here.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3200
PUBLISHED: 2021-05-18
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
CVE-2021-32305
PUBLISHED: 2021-05-18
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
CVE-2020-20951
PUBLISHED: 2021-05-18
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
CVE-2020-23861
PUBLISHED: 2021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
CVE-2020-24740
PUBLISHED: 2021-05-18
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage