Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
6/14/2016
01:46 PM
Vincent Weafer
Vincent Weafer
Partner Perspectives
50%
50%

Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns

Highlights from the June 2016 McAfee Labs Threats Report.

Mobile malware continues its relentless growth, with infection rates steadily climbing over the past 12 months, approaching 10% of all reporting devices according to the June 2016 McAfee Labs Threats Report. Total Mac OS malware almost doubled during Q1 2016, but the total of almost 100,000 Mac OS malware samples is just a tiny fraction of the nearly 10 million total mobile malware or 575 million total malware samples. Ransomware continues to grow fast as inexperienced attackers increasingly use off-the-shelf exploit kits to easily deploy ransomware.

Mobile Collusion

In the mobile area, researchers from McAfee Labs uncovered mobile apps in the wild working together to exfiltrate mobile data. These colluding apps use interprocess messaging techniques that enable a high-privilege app to pass sensitive information to another app, which then sends the data to its control server in the cloud. Neither of the apps appears malicious when its code is examined individually by the app market or other security defenses. It is only when they are examined together that their malicious intent is revealed. Specific threat types identified include information theft, financial theft, and service misuse.

Hashing Vs. Processor Performance

Increasing processor performance has enabled an incredible range of new applications and devices. Unfortunately, it also reduces the time and cost to impact hashing functions, which are integral to maintaining trust on the internet. When receiving a message or file, a “hash,” or summary of the contents, is verified to confirm that the message is authentic, has not been altered, and is from the sender. To make this work, hashes have to be expensive and time-consuming to duplicate from different messages or files. Processor performance has increased to a point where some older hashing functions are easily cracked. MD5, a hashing algorithm popular in the 1990s, had its viability questioned in 2006. Today, a duplicate hash value can be generated in less than one second. Researchers are now questioning the ongoing viability of the SHA-1 hashing function. It still takes months to duplicate a SHA-1 hash, but since it can take years to adopt a new hashing algorithm, it is time to begin the process now to replace digital certificates based on SHA-1.

Pinkslipbot Trojan Returns

First appearing in the wild in 2007, the Trojan Pinkslipbot went dormant for a couple of years but returned to its previous peak sample rate in Q1. This malware steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account of the system, all valuable information. It also aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness. It can now disable web reputation products, will shut down if a virtual machine or a debugger is detected, and can change folder permissions to defend itself against antimalware tools.

For more information on these topics, you can download the full McAfee report here.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.