McAfee Labs Report Finds 93 Percent of Security Operations Center Managers Overwhelmed by Alerts and Unable to Triage Potential Threats

Security Operations Center Survey Respondents Acknowledge Inability to Keep Up with Cybersecurity Alerts or Triage Relevant Events for Investigation

NEWS HIGHLIGHTS

SANTA CLARA, Calif., Dec. 13, 2016 – Intel Security today released its McAfee Labs Threats Report: December 2016, which provides insights into how enterprises are using security operations centers (SOCs), details key 2016 developments in ransomware, and illustrates how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that legitimacy to remain hidden as long as possible. The December report also details the growth of ransomware, mobile malware, macro malware, Mac OS malware and other threats in Q3 2016.

“One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox-aware, the need to conceal malicious activity is driving a trend toward ‘Trojanizing’ legitimate applications. Such developments place an ever greater workload on an organization’s SOC – where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress.”

The State of the SOC in 2016
In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future. Interviews with nearly 400 security practitioners across several countries, industries and company sizes yielded valuable information on the state of the SOC in 2016:

Survey respondents said that the highest priority for the growth and investment of SOCs is to improve the ability to respond to confirmed attacks, which includes the ability to coordinate, remediate, eradicate, learn and prevent reoccurrences.

For more information on McAfee Labs research into the state of SOCs, see Do you need to pull up your SOCs?

Emergence of “Trojanized” Legitimate Software
The report also detailed some of the many ways attackers place Trojans within commonly accepted code to obscure their malicious intent. McAfee Labs identified a variety of approaches to accomplishing this:

For more information on the Trojanization of legitimate software, see Trojanization is on the rise.

2016: The Year of Ransomware?
Through the end of Q3, the number of new ransomware samples in 2016 totaled 3,860,603, leading to an increase of 80 percent in total ransomware samples since the beginning of the year. Beyond the leap in volume, ransomware exhibited notable technical advances in 2016, including partial or full disk encryption, encryption of websites used by legitimate applications, anti-sandboxing, more sophisticated exploit kits for ransomware delivery, and more ransomware-as-a-service developments.

“Last year we predicted that the incredible growth in ransomware attacks in 2015 would continue into 2016,” Weafer said. “The year 2016 may indeed be remembered as ‘the year of ransomware,’ with both a huge jump in the number of ransomware attacks, a number of high-profile attacks that generated wide media interest, and significant technical advances in this type of attack. On the other side of the ransomware attacks, greater cooperation between the security industry and law enforcement, and constructive collaboration between industry rivals truly began to deliver results in taking the fight to the criminals. As a result, we expect the growth of ransomware attacks to slow in 2017.”

For more information on the developments in the ransomware space, see A Year at Ransom.

Q3 2016 Threat Activity
In the third quarter of 2016, McAfee Labs’ Global Threat Intelligence network registered notable surges in ransomware, mobile malware and macro malware:

For more information on these trends, or more threat landscape statistics for Q3 2016, visit www.mcafee.com for the full report.

For guidance on how organizations can better protect their enterprises from the threats detailed in this quarter’s report, visit Enterprise Blog.

About McAfee Labs
McAfee Labs is the threat research division of Intel Corporation’s Intel Security Group, and one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of researchers collects threat data from millions of sensors across key threat vectors—file, web, message and network. It then performs cross-vector threat correlation analysis and delivers real-time threat intelligence to tightly integrated McAfee endpoint, content and network security products through its cloud-based McAfee Global Threat Intelligence service. McAfee Labs also develops core threat detection technologies – such as application profiling and graylist management – that are incorporated into the broadest security product portfolio in the industry.

About Intel Security
McAfee Labs is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security and unique McAfee Global Threat Intelligence, Intel Security is intensively focused on developing proactive, proven security solutions and services that protect systems, networks and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world. www.intelsecurity.com.

– 30 –

Intel, the Intel logo, McAfee and the McAfee logo are trademarks of Intel Corporation in the United States and other countries.
*Other names and brands may be claimed as the property of others.


CONTACTS:
Chris Palm
Intel Security
408-346-3089
chris.palm@intel.com

Janelle Dickerson
Zeno Group, for Intel Security
650-801-0936
janelle.dickerson@zenogroup.com