Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/20/2013
07:44 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee Labs Sees New Threats Subverting Digital Signature Validation

McAfee Labs Threats Report: Third Quarter 2013 found new efforts to circumvent digital signature app validation on both PCs and Android-based devices

November 20, 2013 12:00 PM Eastern Standard Time

SANTA CLARA, Calif.--(BUSINESS WIRE)--McAfee Labs today released the McAfee Labs Threats Report: Third Quarter 2013, which found new efforts to circumvent digital signature app validation on both PCs and Android-based devices. The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30% increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples. Less surprising but no less daunting was a 125% increase in spam.

"Virtual Laundry: An Analysis of Online Currencies, and Their Use in Cybercrime."

"The efforts to bypass code validation on mobile devices, and commandeer it altogether on PCs, both represent attempts to circumvent trust mechanisms upon which our digital ecosystems rely," said Vincent Weafer, senior vice president of McAfee Labs. "The industry must work harder to ensure the integrity of these technologies given they are becoming more pervasive in every aspect of our daily lives."

The third quarter also saw notable events in the use of Bitcoin for illicit activities such as the purchase of drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware reinforced the increasing popularity of the currency.

Weafer continued: "As these currencies become further integrated into our global financial system, their stability and safety will require both financial monetary controls and oversight, and the security measures our industry provides."

Leveraging data from the McAfee Global Threat Intelligence (GTI) network, the McAfee Labs team identified the following trends in Q3 2013:

Digitally signed malware. Digitally signed malware samples increased 50%, to more than 1.5 million new samples. McAfee Labs also revealed the top 50 certificates used to sign malicious payloads. This growing threat calls into question the validity of digital certificates as a trust mechanism.

New mobile malware families. McAfee Labs researchers identified one entirely new family of Android malware, Exploit/MasterKey.A, which allows an attacker to bypass the digital signature validation of apps, a key component of the Android security process. McAfee Labs researchers also found a new class of Android malware that once installed downloads a second-stage payload without the user's knowledge.

Virtual currencies. Use of new digital currencies by cybercriminals to both execute illegal transactions and launder profits is enabling new and previously unseen levels of criminal activity. These transactions can be executed anonymously, drawing the interest of the cybercriminal community and allowing them to offer illicit goods and services for sale in transactions that would normally be transparent to law enforcement. McAfee Labs also saw cybercriminals develop Bitcoin-mining malware to infect systems, mine their processing power, and produce Bitcoins for commercial transactions. For more information, please read the McAfee Labs report "Virtual Laundry: An Analysis of Online Currencies, and Their Use in Cybercrime."

Android malware. Nearly 700,000 new Android malware samples appeared during the third quarter, as attacks on the mobile operating system increased by more than 30%. Despite responsible new security measures by Google, McAfee Labs believes the largest mobile platform will continue to draw the most attention from hackers given it possesses the largest base of potential victims.

Spike in spam. Global spam volume increased 125% in the third quarter of 2013. McAfee Labs researchers believe much of this spike was driven by legitimate "affiliate" marketing firms purchasing and using mailing lists sourced from less than reputable sources.

Each quarter, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public. To read the full McAfee Labs Threats Report: Third Quarter 2013, please visit: http://mcaf.ee/s4xfb.

About McAfee Labs

McAfee Labs is the world's leading source for threat research, threat intelligence, and cyber security thought leadership. The McAfee Labs team of 500 threat researchers correlates real-world data collected from millions of sensors across key threat vectors--file, web, message, and network--and delivers threat intelligence in real-time to increase protection and reduce risk.

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com

Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.