McAfee Labs Report Reviews Five Years of Hardware and Software Threat Evolution

Report Provides Five-Year Threat Retrospective, GPU Malware Assessment, and Techniques for Exfiltrating Data from Corporate Networks; Ransomware Rises 127% from Q2 2014 to Q2 2015

SANTA CLARA, Calif. September 1, 2015 — Intel® Security today released its McAfee Labs Threats Report: August 2015, which includes a critique of graphics processing unit (GPU) malware claims, an investigation of the top cybercriminal exfiltration techniques, and a five-year retrospective on the evolution of the threat landscape since Intel Corporation’s announcement of the McAfee acquisition.

McAfee Labs commemorates the five-year anniversary of the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats. Key researchers and executives reviewed our predictions on the security capabilities of silicon, the challenges of emerging hard-to-detect attacks, and our 2010 expectations for new device types versus the reality of the marketplace.

The five-year threat landscape analysis suggests:

“We were impressed by the degree to which three key factors – expanding attack surfaces, the industrialization of hacking, and the complexity and fragmentation of the IT security market – accelerated the evolution of threats, and size and frequency of attacks,” said Vincent Weafer, senior vice president, Intel Security’s McAfee Labs. “To keep pace with such momentum, the cybersecurity community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfill their role to protect citizens in cyberspace.”

The August report also probes into the details of three proofs-of-concept (PoC) for malware exploiting GPUs in attacks. While nearly all of today’s malware is designed to run from main system memory on the central processing unit (CPU), these PoCs leverage the efficiencies of these specialized hardware components designed to accelerate the creation of images for output to a display. The scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defenses by running code and storing data where traditional defenses do not normally watch for malicious code.

Reviewing the PoCs, Intel Security agrees that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defenses. However, researchers argue that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.

McAfee Labs also details techniques cybercriminals use to exfiltrate a wide variety of information on individuals from corporate networks: names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences. In addition to tactics and techniques used by attackers, this analysis examines attacker types, their motivations, and their likely targets, as well as the policies businesses should embrace to better detect exfiltration.

The August 2015 report also identified a number of other developments in the second quarter of 2015:

For more information, please read the full report: McAfee Labs Threats Report: August 2015.

For guidance on how organizations can better protect their enterprise from the threats detailed in this quarter’s report, please visit: Enterprise Blog.

About McAfee Labs
McAfee Labs is the threat research division of Intel Security and one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of more than 400 researchers collects threat data from millions of sensors across key threat vectors—file, web, message, and network. It then performs cross-vector threat correlation analysis and delivers real-time threat intelligence to tightly integrated McAfee endpoint, content, and network security products through its cloud-based McAfee Global Threat Intelligence service. McAfee Labs also develops core threat detection technologies—such as application profiling, and graylist management—that are incorporated into the broadest security product portfolio in the industry.

About Intel Security
McAfee Labs is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world.

No computer system can be absolutely secure.

Note: Intel, Intel Security, the Intel logo, McAfee and the McAfee logo are trademarks or registered trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.


Chris Palm
Intel Security

Janelle Dickerson
Zeno Group