McAfee has released the McAfee Labs Threats Report: February 2015, which highlights the continuing impact — this time to mobile apps — from several dangerous SSL/TLS vulnerabilities that were exposed in 2014. It also details the inner workings of the powerful Angler exploit kit, which overtook Blacole as the preferred exploit kit in 2014. Finally, the report explores the challenging world of potentially unwanted programs (PUPs), which live in the world between nuisance and malicious malware but are becoming more and more aggressive. The report concludes with Q4 threats statistics spanning malware, mobile threats, web threats, messaging threats, and network threats.
Mobile users exposed: SSL/TLS vulnerabilities live on
Our key topic discusses cryptographic vulnerabilities in popular mobile apps that allow cybercriminals to establish man-in-the-middle attacks when users sign on to their mobile apps’ companion websites. Poor programming practices by these app developers expose their users to a variety of SSL/TLS vulnerabilities such as BERserk and Heartbleed, which relate to the formation of secure sessions. As a result, all communications between the mobile apps and their websites, including usernames and passwords, are potentially viewable by cybercriminals. This exposure, coupled with the commercial availability of mobile malware source code and the McAfee Labs prediction that mobile malware generation kits will soon be offered in the Dark Web, is a recipe for theft and could lead to an erosion of trust in the Internet.
After the death of Blacole: the Angler exploit kit
An exploit kit is an off-the-shelf software package containing easy-to-use attacks against known and unknown vulnerabilities. Very quickly after the arrest of the Blacole exploit kit’s creator in 2013, cybercriminals migrated to the Angler exploit kit to deliver their payloads. Because Angler is simple to use and widely available through online dark markets, it has become a preferred method to transport malware. In the second half of 2014, the Angler exploit kit gained the attention of the security industry because of its prevalence and because of new capabilities such as file-less infection, virtual machine and security product detection, and its ability to deliver a wide range of payloads including banking Trojans, rootkits, ransomware, CryptoLocker, and backdoor Trojans. As of this writing, it remains one of the most popular exploit kits.
Fifty shades of gray: the challenging world of potentially unwanted programs
PUPs are applications that pose as legitimate apps but perform unauthorized actions like displaying unintended ads, modifying browser settings, or collecting user and system data. The most common distribution techniques for PUPs include piggybacking on legitimate apps, social engineering, online ad hijacking, unintended installation of browser extensions and plug-ins, and forced installation along with legitimate apps. They are hard to police because they don’t exhibit the kind of malicious behavior typically caught by security products. As this story highlights, some PUP creators are becoming more sinister, so PUP policies must be frequently updated to ensure proper protection.
The infographic highlights key facts about these topics plus some of the most significant Q4 threats statistics.