Machine Learning, the Unsung Hero in the Latest ‘Threats Report’

This blog post was written by Vincent Weafer.

The story about ransomware in hospitals in our newly published McAfee Labs Threats Report: September 2016 will probably garner most of the media’s attention, but I think the most interesting story in the report is about machine learning. Here’s why.

McAfee has used machine learning in our classification models since the mid-2000s. Initially, we employed it in our spam and sender-reputation mechanisms. Now it is used in many of our descriptive and diagnostic mechanisms, including file classification, mobile app classification, URL classification, URL content labeling, cloud security anomaly detection, network anomaly detection, threat intelligence feed validation, traffic pattern anomaly detection, and more.

Machine learning is increasingly being leveraged in the security industry to automate advanced classification, scoping, and prioritization of security events—what we call Analytics 3.0—making it possible to perform both predictive analytics (“What will happen”) and prescriptive analytics (“This is what is recommended because that will happen”). There are many exciting things under development in McAfee Labs that will further leverage machine learning in these areas.

I encourage you to read this story, as it explains the differences among machine learning, cognitive computing, and neural networks. It also details the pros and cons of machine learning, debunks myths, and explains how machine learning can be used to improve threat detection.


Of course, many readers of the Threat Report are quite interested in the scourge of ransomware and how to stop it, so that headline-grabbing story is well worth a read. Here’s what we discovered:

  • During the past year, we have seen a shift in targets from individuals to businesses because the latter will pay higher ransoms.
  • Recently, hospitals have become very popular targets of ransomware authors. We found that at least 19 hospitals were infected with ransomware in Q1 and Q2.
  • We also discovered that a related group of Q1 targeted attacks on hospitals generated about $100,000 in ransom payments. The attacks were relatively unsophisticated but successful.
  • We tracked these Q1 hospital ransom payments to a broader cybercrime operation taking $121 million over the course of six months.

To learn more about how to protect against ransomware in health care organizations, read our Solution Brief Protect health care systems against ransomware. More information about ransomware and ways to protect against it can be found here.


Also in the September threat report is a story about data loss, based on extensive primary research by McAfee. We wanted to gain a deeper understanding of the people behind these leaks, the types of data lost, and the ways it is getting outside of organizations. We interviewed 1,000 security practitioners globally, spanning small to large companies in five industries. Among other things, we found:

  • The gap between data loss and breach discovery is getting larger.
  • Health care providers and manufacturers are sitting ducks.
  • The typical data loss prevention approach is increasingly ineffective against new theft targets.
  • Most businesses don’t watch the second most common method of data loss.
  • Visibility is vital.
  • Data loss prevention is implemented for the right reasons.

To learn more about how to protect against data loss, read our Solution Brief Prevent data from leaking out of your organization.


Finally, we highlight significant threat activity and statistics.

  • Ransomware. The 1.3 million new ransomware samples in Q2 2016 was the highest figure ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128% in the past year.
  • Mobile malware. The nearly two million new mobile malware samples were the most ever recorded by McAfee Labs. Total mobile malware has grown 151% in the past year.
  • Macro malware. New downloader Trojans such as Necurs and Dridex delivering Locky ransomware drove a more than 200% increase in new macro malware in Q2.
  • Mac OS malware. The diminished activity from the OSX.Trojan.Gen adware family dropped new Mac OS malware detections by 70% in the second quarter.
  • Botnet activity. Wapomi, which delivers worms and downloaders, increased by 8% in Q2. Last quarter’s number two, Muieblackcat, which opens the door to exploits, fell by 11%.

For more information on these key topics, or more threat landscape statistics for Q2 2016, click here.

