McAfee has released the McAfee Labs Threats Report: November 2014, which details the far-reaching BERserk vulnerability, explores the various forms of trust abuse, provides threats statistics spanning malware, mobile threats, web threats, messaging threats, and network threats. The report also offers a set of threats predictions for 2015. Our report discusses the key topics below:
Going BERserk: trusted connectivity takes a big hit
In September, we released details of a far-reaching vulnerability dubbed BERserk, in a nod to the underlying code that forms the source of the vulnerability. At the time of this writing, BERserk’s full impact is not known, but it is very significant. BERserk takes advantage of a flaw in RSA signature verification software, opening the door to cybercriminals to establish man-in-the-middle attacks without user knowledge. Establishing trust when accessing a website usually starts with “https” at the beginning of a URL coupled with a friendly padlock to seal the deal. BERserk compromises that link, allowing bad guys to watch and do anything they want with the flow of information between the user and the website.
Abuse of trust: exploiting online security's weak link
The weakest links in most security setups are users. We rely on devices for most of our information and trust that they provide accurate information in a secure manner. Attackers often zero in on the trust we place in our devices, using it against us to steal information. This topic explores trust abuse, highlighting through recent examples the many ways in which cybercriminals take advantage of our trust relationships. McAfee Labs believes that trust in many forms of online interaction will go the way of email, which inspires limited confidence in its authenticity.
The infographic highlights key facts about these topics plus some of the most significant Q3 threats statistics.
Other documents related to this report: