McAfee Labs Dubs 2014 “Year of Shaken Trust”;
Predicts 2015 Trends in Internet Trust Exploits, Privacy, Mobile,
Internet of Things, and Cyber Espionage
Intel® Security today released its McAfee Labs November 2014
Threats Report, including an analysis of threat activity in the
third quarter of 2014, and the organization’s annual 2015 Threats
Predictions for the coming year. The report details a third quarter
filled with threat development milestones and cyber events
exploiting long-established Internet trust standards. McAfee Labs
forecasts a 2015 threat landscape shaped by more attacks exploiting
these standards, new attack surfaces in mobile and Internet of
Things (IoT), and increasingly sophisticated cyber espionage
capabilities, including techniques capable of evading sandboxing
detection technologies.
In the third quarter, McAfee Labs detected more than 307 new
threats every minute, or more than five every second, with mobile
malware samples growing by 16 percent during the quarter, and
overall malware surging by 76 percent year over year. The
researchers also identified new attempts to take advantage of
Internet trust models, including secure socket layer (SSL)
vulnerabilities such as Heartbleed and BERserk, and the continued
abuse of digital signatures to disguise malware as legitimate
code.
In 2015, McAfee Labs predicts malicious parties will seek to
extend their ability to avoid detection over long periods, with
non-state actors increasingly adopting cyber espionage capabilities
for monitoring and collecting valuable data over extended targeted
attack campaigns. The researchers predict more aggressive efforts
to identify application, operating system, and network
vulnerabilities, and an increasing focus on the limitations of
sandboxing technologies as hackers attempt to evade application-
and hypervisor-based detection.
“The year 2014 will be remembered as ‘the Year of Shaken
Trust,’” said Vincent Weafer, Senior Vice President, McAfee Labs,
part of Intel Security. “This unprecedented series of events shook
industry confidence in long-standing Internet trust models,
consumer confidence in organizations’ abilities to protect their
data, and organizations’ confidence in their ability to detect and
deflect targeted attacks in a timely manner. Restoring trust in
2015 will require stronger industry collaboration, new standards
for a new threat landscape, and new security postures that shrink
time-to-detection through the superior use of threat data.
Ultimately, we need to get to a security model that’s built-in by
design, seamlessly integrated into every device at every layer of
the compute stack.”
McAfee Labs foresees the following trends in 2015:
1. Increased use of cyber warfare and espionage tactics.
Cyber espionage attacks will continue to increase in frequency as
long-term players will become stealthier information gatherers,
while newcomers to cyber-attack capabilities will look for ways to
steal sensitive information and disrupt their adversaries.
- Established nation-state actors will
work to enhance their ability to remain hidden on victim systems
and networks.
- Cybercriminals will continue to act
more like nation-state cyber espionage actors, focusing on
monitoring systems and gathering high-value intelligence on
individuals, intellectual property, and operational
intelligence.
- McAfee Labs predicts that more small
nation states and terror groups will use cyber warfare.
2. Greater Internet of Things attack frequency,
profitability, and severity. Unless security controls are
built-in to their architectures from the beginning, the rush to
deploy IoT devices at scale will outpace the priorities of security
and privacy. This rush and the increasing value of data gathered,
processed, and shared by these devices will draw the first notable
IoT paradigm attacks in 2015.
- The increasing proliferation of IoT
devices in environments such as health care could provide malicious
parties access to personal data even more valuable than credit card
data. For instance, according to the McAfee Labs report entitled
Cybercrime Exposed: Cybercrime-as-a-Service, the cybercrime
community currently values stolen health credentials at around $10
each, which is about 10 to 20 times the value of a stolen U.S.
credit card number.
3. Privacy debates intensify. Data privacy will continue
to be a hot topic as governments and businesses continue to grapple
with what is fair and authorized access to inconsistently defined
“personal information.”
- In 2015 we will see continued
discussion and lack of clarity around what constitutes “personal
information” and to what extent that information may be accessed
and shared by state or private actors.
- We will see a continued evolution in
scope and content of data privacy rules and regulations, we may
even see laws begin to regulate the use of previously anonymous
data sets.
- The European Union, countries in Latin
America, as well as Australia, Japan, South Korea, Canada, and many
others may enact more stringent data privacy laws and
regulations.
4. Ransomware evolves into the cloud. Ransomware will
evolve its methods of propagation, encryption, and the targets it
seeks. More mobile devices are likely to suffer attacks.
- We predict ransomware variants that
manage to evade security software installed on a system will
specifically target endpoints that subscribe to cloud-based storage
solutions.
- Once the endpoint has been infected,
the ransomware will attempt to exploit the logged-on user's stored
credentials to also infect backed-up cloud storage data.
- We expect the technique of ransomware
targeting cloud-backed-up data to be repeated in the mobile
space.
- We expect a continued rise in mobile
ransomware using virtual currency as the ransom payment
method.
5. New mobile attack surfaces and capabilities. Mobile
attacks will continue to grow rapidly as new mobile technologies
expand the attack surface.
- The growing availability of
malware-generation kits and malware source code for mobile devices
will lower the barrier to entry for cybercriminals targeting these
devices.
- Untrusted app stores will continue to
be a major source of mobile malware. Traffic to these stores will
be driven by “malvertising,” which has grown quickly on mobile
platforms.
6. POS attacks increase and evolve with digital payments.
Point of sale (POS) attacks will remain lucrative, and a
significant upturn in consumer adoption of digital payment systems
on mobile devices will provide new attack surfaces that
cybercriminals will exploit.
- Despite current efforts by retailers to
deploy more chip-and-pin cards and card readers, McAfee Labs sees
continued growth in POS system breaches in 2015 based on the sheer
numbers of POS devices that will need to be upgraded in North
America.
- Near field communications (NFC) digital
payment technology will become an entirely new attack surface to
exploit, unless user education can successfully guide users in
taking control of NFC features on their mobile devices.
7. Shellshock sparks Unix, Linux attacks. Non-Windows
malware attacks will increase as a result of the Shellshock
vulnerability.
- McAfee Labs predicts that the
aftershocks of Shellshock with be felt for many years given the
number of potentially vulnerable Unix or Linux devices, from
routers to TVs, industrial controllers, flight systems, and
critical infrastructure.
- In 2015, this will drive a significant
increase in non-Windows malware as attackers look to exploit the
vulnerability.
8. Growing exploitation of software flaws. The
exploitation of vulnerabilities is likely to increase as new flaws
are discovered in popular software products.
- McAfee Labs predicts that exploitation
techniques such as stack pivoting, return- and jump-oriented
programming, and a deeper understanding of 64-bit software will
continue to drive the growth in the number of newly discovered
vulnerabilities, as will the volume of malware that exploits those
newly discovered vulnerabilities.
9. New evasion tactics for sandboxing. Escaping the
sandbox will become a significant IT security battlefield.
- Vulnerabilities have been identified in
the sandboxing technologies implemented with critical and popular
applications. McAfee Labs predicts a growth in the number of
techniques to exploit those vulnerabilities and escape application
sandboxes.
- Beyond application sandboxing, McAfee
Labs predicts that 2015 will bring malware that can successfully
exploit hypervisor vulnerabilities to break out of some security
vendors’ standalone sandbox systems.
For a full copy of the McAfee Labs Threats Report: November
2014, which includes 2015 threat predictions, please visit:
http://mcaf.ee/ojbsz
About McAfee Labs
McAfee Labs is one of the world’s leading sources for threat
research, threat intelligence, and cybersecurity thought
leadership. The McAfee Labs team of more than 400 researchers
collects threat data from millions of sensors across key threat
vectors—file, web, message, and network. It then performs
cross-vector threat correlation analysis and delivers real-time
threat intelligence to tightly integrated McAfee endpoint and
network security products through its cloud-based McAfee Global
Threat Intelligence service. McAfee Labs also develops core threat
detection technologies—such as DeepSAFE, application profiling, and
graylist management—that are incorporated into the broadest
security product portfolio in the industry.
About Intel Security
McAfee is now part of Intel Security. With its Security
Connected strategy, innovative approach to hardware-enhanced
security, and unique McAfee Global Threat Intelligence, Intel
Security is intensely focused on developing proactive, proven
security solutions and services that protect systems, networks, and
mobile devices for business and personal use around the world.
Intel Security is combining the experience and expertise of McAfee
with the innovation and proven performance of Intel to make
security an essential ingredient in every architecture and on every
computing platform. The mission of Intel Security is to give
everyone the confidence to live and work safely and securely in the
digital world. www.intelsecurity.com.
Note: Intel, Intel Security, and McAfee are trademarks or
registered trademarks of Intel Corporation in the United States and
other countries. Other names and brands may be claimed as the
property of others.
McAfeeChris Palm, 408-346-3089Chris_Palm@McAfee.comorZeno
GroupJanelle Dickerson,
650-801-0936Janelle.Dickerson@zenogroup.com
Intel (NASDAQ:INTC)
Historical Stock Chart
From Mar 2024 to Apr 2024
Intel (NASDAQ:INTC)
Historical Stock Chart
From Apr 2023 to Apr 2024