What we do
At McAfee Labs Advanced Threat Research (ATR), our goal is to identify and illuminate a broad spectrum of threats in today's complex and constantly evolving landscape. Our best-of-breed research team leverages a wide range of unique skills to address this challenge. ATR researchers are responsible for leading-edge research in nearly every vertical of threat, including those targeting specific industries such as banking, retail, medical, automotive, industrial controls, and more. We have experts in vulnerability research, working to find and publicly report critical vulnerabilities in the world's most ubiquitous hardware and software. Additionally, we process a variety of malicious content from McAfee's extensive endpoints, allowing us to track global malware campaigns as well as the nation-states and malicious actors behind them. These findings are fed back into the products and solutions that ultimately power McAfee’s products.
McAfee Unveils New Advanced Threat Research Lab
The new Advanced Threat Research Lab provides our researchers access to state-of-the-art hardware and equipment targeting the discovery, exploitation, and responsible disclosure of critical vulnerabilities. The lab also showcases working demos of current or recently completed research projects, such as attacks against medical devices, automobiles, internet of things (IoT) devices, industrial control systems, and more.
Watch NowResearch spotlight
The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant for further exploitation.
Download Report >
As our dependency on technology grows, breaches are no longer limited to a specific platform or device. Learn how our McAfee Labs researchers think the threats landscape will evolve in 2019.
Read Report >Download Infographic >
This in-depth report analyzes a new data reconnaissance implant targeting Korean-speaking users. The malware reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew.
Download Report >
In Q2 2018, cybercriminals continue to go where the money is—from coin mining to billing fraud campaigns—and evolve and refine their tactics to defraud unsuspecting victims.
Download Report >Download Infographic >
Blockchain, a revolutionary basis for decentralized online transactions, carries security risks. Learn about current security problems and specific incidents within blockchain implementations, and the techniques, targets, and malware used for attacks.
Download Report >
This research from McAfee’s Advanced Threat Research team shows it is possible to emulate and modify a patient’s vital signs in real time on a medical network using a patient monitor and central monitoring station.
Watch Video >
This blog addresses three vectors of research that were combined by Microsoft and together represent CVE-2018-8140. It also includes a demo of a full code execution to log in to a locked Windows device.
Read Blog >Watch Video >
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs
Learn how the ATR team tested a vulnerability in the Wemo Insight Smart Plug, which uses a home Wi-Fi network to control lamps, fans, and other household devices.
Read Blog >Watch Video >
See how the ATR team uses adversarial machine learning in its research of digital attacks on autonomous vehicles.
Industry research
The ATR team continually conducts leading-edge research into the threats that impact a variety of industries. Below are a few of the key areas we are currently focused on. They will be updated as new research is released.
Automotive
Autonomous and connected vehicles demonstrate a nascent but rapidly growing target for threat actors. Vehicle-to-X (V2X) communication—with vehicles connecting to each other, surrounding infrastructure, pedestrians, the cloud, and personal devices—provides many new capabilities and new security responsibilities. ATR investigates the attack surfaces in autonomous vehicles as well as the machine learning algorithms and physical-to-digital attacks related to them.
SCADA and industrial control systems
Multiple threats and attacks over the past few years have proven that industrial control systems are a growing target for malicious actors with numerous potentially dangerous outcomes. ATR is currently investigating multiple areas of SCADA and ICS implementations, including human machine interface (HMI) software, programmable logic controllers (PLCs), and network protocols common to this vertical, such as MODBUS, ICCP, DNP3, and others.
Healthcare and medical devices
The digital transformation in the healthcare industry is truly unlike any other industry. The rapid advancement and innovation—from medical devices and surgical advances to patient management and care—brings new opportunities that can help improve lives, but potential security issues can literally have life and death implications. Our research explores medical devices, networks, protocols, and security practices within the industry to help healthcare organizations continue to innovate securely.
Software-defined radio
In this internet of things (IoT) world where just about everything is talking to something, the secure transmission of data is critical. If basic encryption and authentication are not used, protocols such as wireless networking, Bluetooth, baseband, broadband, and radio can be sniffed, reverse engineered, and potentially compromised. Our research looks at radio frequency, including near-field-communications (NFC and RFID), and wireless transmissions to determine potential impacts to network and proximity devices.
Enterprise software
Enterprise software has long been a rich target for malicious actors due to the attractive return on investment for discovering vulnerabilities. When a single flaw in Windows, for example, can affect millions of users, it will quickly be leveraged in exploit kits, phishing attempts, watering hole attacks, and much more. By discovering and disclosing these critical vulnerabilities in the world’s most popular software, the Advanced Threat Research team continuously reduces the overall attack surface for one of the most attractive targets for cybercriminals.
Consumer electronics
With the ever-expanding market for smart homes and home-automation devices, consumer electronics are a growing target for threat actors. Many of these products have little to no security, yet we allow them in our homes or even businesses without thinking twice. The Advanced Threat Research team searches for vulnerabilities in these devices to identify threats and guide manufacturers toward more secure products, reducing the potential for attackers to gain access to home or business networks. Our efforts focus on researching upcoming “smart” products as well as devices that are already deployed in these environments.
