McAfee Labs Report Highlights Critical Challenges to Threat Intelligence Sharing
April 06 2017 - 12:01AM
Business Wire
McAfee Catalogs 176 New Cyber Threats Every
Minute, Almost Three Every Second; Ransomware Grows 88%, Mobile
Malware Grows 99% in 2016
NEWS HIGHLIGHTS
- Threat intelligence sharing undermined
by data volume, validation, quality, speed and correlation
challenges
- McAfee Labs detected 176 new
cyber-threats every minute, almost three every second in Q4
2016
- Ransomware grew 88% in 2016 despite Q4
decline in Locky and CryptoWall family activity
- Mobile malware grew 99% in 2016;
overall malware grew 24% in 2016 to 638 million samples
- While still a minute fraction compared
to Windows threats, new Mac OS malware samples grew 245% in Q4;
total samples grew 744% in 2016
- McAfee Labs estimates that five
Internet of Things device IP addresses are infected by Mirai each
minute
McAfee Inc. today released its McAfee Labs Threats Report: April
2017, which details the challenges facing threat intelligence
sharing efforts, probes the architecture and inner workings of
Mirai botnets, assesses reported attacks across industries, and
reveals growth trends in malware, ransomware, mobile malware and
other threats in Q4 2016.
“The security industry faces critical challenges in our efforts
to share threat intelligence between entities, among vendor
solutions, and even within vendor portfolios,” said Vincent Weafer,
Vice President of McAfee Labs. “Working together is power.
Addressing these challenges will determine the effectiveness of
cybersecurity teams to automate detection and orchestrate
responses, and ultimately tip the cybersecurity balance in favor of
defenders.”
The report reviews the background and drivers of threat
intelligence sharing; various threat intelligence components,
sources, and sharing models; how mature security operations can use
shared data; and critical sharing challenges that the industry must
overcome. Those challenges include:
- Volume. A massive
signal-to-noise problem continues to plague defenders trying to
triage, process, and act on the highest-priority security
incidents.
- Validation. Attackers may file
false threat reports to mislead or overwhelm threat intelligence
systems, and data from legitimate sources can be tampered with if
poorly handled.
- Quality. If vendors focus just
on gathering and sharing more threat data, there is a risk that
much of it will be duplicative, wasting valuable time and effort.
Sensors must capture richer data to help identify key structural
elements of persistent attacks.
- Speed. Intelligence received too
late to prevent an attack is still valuable, but only for the
cleanup process. Security sensors and systems must share threat
intelligence in near real time to match attack speeds.
- Correlation. The failure to
identify relevant patterns and key data points in threat data makes
it impossible to turn data into intelligence and then into
knowledge that can inform and direct security operations
teams.
To move threat intelligence sharing to the next level of
efficiency and effectiveness, McAfee Labs suggests focusing on
three areas:
- Triage and prioritization.
Simplify event triage and provide a better environment for security
practitioners to investigate high-priority threats.
- Connecting the dots. Establish
relationships between indicators of compromise so that threat
hunters can understand their connections to attack campaigns.
- Better sharing models. Improve
ways to share threat intelligence between our own products and with
other vendors.
“Increasingly sophisticated attackers are evading discrete
defense systems, and siloed systems let in threats that have been
stopped elsewhere because they do not share information,” Weafer
continued. “Threat intelligence sharing enables us to learn from
each other’s experiences, gaining insight based on multiple
attributes that build a more complete picture of the context of
cyber events.”
Mirai Botnet Proliferation
Mirai was responsible for the fourth quarter’s highly publicized
DDoS attack on Dyn, a major DNS service provider. Mirai is notable
because it detects and infects poorly secured IoT devices,
transforming them into bots to attack its targets.
The October public release of the Mirai source code led to a
proliferation of derivative bots, although most appear to be driven
by script kiddies and are relatively limited in their impact. But
the source code release has also led to offerings of
“DDoS-as-a-service” based on Mirai, making it simple for
unsophisticated yet willing attackers to execute DDoS attacks that
leverage other poorly secured IoT devices. Mirai botnet-based DDoS
attacks are available as a service in the cybercriminal marketplace
for $50 to $7,500 per day.
McAfee Labs estimates that 2.5 million Internet of Things (IoT)
devices were infected by Mirai by the end of Q4 2016, with about
five IoT device IP addresses added to Mirai botnets each minute at
that time.
For more on the Mirai botnet, please see our blog and video on
the topic.
Q4 2016 Threat Activity
In the fourth quarter of 2016, McAfee Labs’ Global Threat
Intelligence network registered notable trends in cyber-threat
growth and cyber-attack incidents across industries:
- Malware growth. The number of
new malware samples slowed 17% in Q4, while the overall count grew
24% in 2016 to 638 million samples.
- Mobile malware. The number of
new mobile malware samples declined 17% in Q4, while total mobile
malware grew 99% in 2016.
- Ransomware growth. The number of
new ransomware samples dropped 71% in Q4, mostly due to a drop in
generic ransomware detections, as well as a decrease in the
activity of the Locky and CryptoWall strains. The number of total
ransomware samples grew 88% in 2016.
- Mac OS malware. Although still
small compared to Windows threats, the number of new Mac OS malware
samples grew 245% in Q4 due to adware bundling. Total Mac OS
malware grew 744% in 2016.
- Spam botnets. Spam email
messages from the top 10 botnets dropped 24% in Q4 to 181 million
emails. They generated 934 million spam messages in 2016
overall.
- Reported security incidents.
McAfee counted 197 publicly-disclosed security incidents in Q4 and
974 publicly-disclosed security incidents in 2016. Security
incidents are events that compromise the integrity,
confidentiality, or availability of information assets. Some, but
not all, of these incidents are breaches. Breaches are incidents
that result in the confirmed disclosure (not just potential
exposure) of data.
- Public sector cyber-attacks. The
public sector experienced the greatest number of incidents by far,
but McAfee believes this may be the result of stricter requirements
for reporting incidents, as well as an increase in attacks related
to the U.S. election process, mostly voter database incidents and
defacing of election websites.
- Banking and gaming attacks. A Q3
jump in incidents in the software development sector was due to the
rise in attacks on gaming platforms. In the finance sector, the
SWIFT attacks on the banking sector led to a Q2 jump in
incidents.
- Botnet activity. The KelihosC
botnet, a recent purveyor of phony pharmaceuticals and Russian
automotive supplies (such as “winter and summer tires at
competitive prices”), increased its overall volume during Q4.
For more information on these trends, or more threat landscape
statistics for Q4 2016, visit www.mcafee.com for the full
report.
For guidance on how organizations can better protect their
enterprises from the threats detailed in this quarter’s report,
visit Enterprise Blog.
About McAfee Labs
McAfee Labs is one of the world’s leading sources for threat
research, threat intelligence, and cybersecurity thought
leadership. With data from millions of sensors across key threat
vectors—file, web, and network—McAfee Labs delivers real-time
threat intelligence, critical analysis, and expert thinking to
improve protection and reduce risks. McAfee Labs also develops core
threat detection technologies that are incorporated into the
broadest security product portfolio in the industry.
About McAfee
McAfee is one of the world’s leading independent cybersecurity
companies. Inspired by the power of working together, McAfee
creates business and consumer solutions that make the world a safer
place. www.mcafee.com
McAfee and the McAfee logo are trademarks of McAfee LLC in the
United States and other countries.
*Other names and brands may be claimed as the property of
others.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20170405006423/en/
McAfee
Chris Palm, 408-346-3089
Chris_Palm@McAfee.com
or
Zeno Group
Janelle Dickerson, 650-801-0936
Janelle.Dickerson@zenogroup.com