Intel Security

McAfee Labs Threats Report: May 2015

Intel Security has released the McAfee Labs Threats Report: May 2015. For the first time ever, we explore attacks on firmware. We also highlight the emergence of new families of ransomware and exploits to Adobe Flash vulnerabilities. Key topics include:

  • A surge in powerful and clever ransomware encrypts files and holds them hostage until the ransom is paid.
  • New Adobe Flash exploits target the growing number of vulnerabilities that have not been patched by users.
  • Persistent and virtually undetectable attacks by the Equation Group that reprogram hard disk drives and solid state drive firmware.

The Equation Group: exploiting hard disk and solid state drive firmware
In February, news broke about a rare but extremely sophisticated attack campaign. The Equation Group, named for their affinity for complex encryption schemes, is thought to be behind the attacks. The most alarming discovery is that the Equation Group’s malware includes hard disk drive and solid state drive reprogramming modules. Once reprogrammed, a compromised system remains infected even if the hard drive is reformatted or the operating system is reinstalled. Further, the reprogrammed firmware and associated malware are undetectable by security software. This marks the first time in a Threats Report that McAfee Labs has examined a firmware-based attack.

We also focus on two familiar faces—ransomware and Adobe Flash exploits—because McAfee Labs saw massive increases in new samples this quarter from both types of threat.

Ransomware returns: new families emerge with a vengeance
For ransomware, we attribute much of its growth to a new, hard-to-detect ransomware family—CTB-Locker—and its use of an “affiliate” program to quickly flood the market with phishing campaigns, leading to CTB-Locker infections. With the newly discovered Tox malware, an off-the-shelf application that lets users build their own ransomware, we expect ransomware to continue its meteoric rise.

Adobe Flash: a favorite of designers and cybercriminals
McAfee Labs attributes the rise in Flash exploits to the steady increase in the number of Flash vulnerabilities; user and enterprise delay in the application of software patches for those vulnerabilities; new, creative methods to exploit them; a steep increase in the number of mobile devices that can play Flash .swf files; and the difficulty of detecting Flash exploits.

For more information on these and other topics, read the McAfee Labs Threats Report: May 2015.