McAfee report sees ransomware surge, praises Adobe for its response

Adobe has become a “gold standard” for responding to vulnerabilities, according to the latest McAfee Labs Threat Report, with the company patching most threats within one day.

In Q1 2015, 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database, and within 24 hours, Adobe patched them all, says McAfee Labs.

Adobe Flash vulnerabilities have always been common, but in Q1, new Adobe Flash malware grew a staggering 317 percent, from 47,000 samples in late 2014 to 200,000 now. McAfee Labs’ report says that cybercriminals have moved away from Java and Microsoft Silverlight vulnerabilities in favor of exploiting unpatched Adobe Flash vulnerabilities, but the company has responded accordingly, say the report’s authors.

“When we look at how quickly some organizations take to patch things, actually you’re getting a complete plethora of responses. I mean in certain cases we’ve actually seen where organizations haven’t even responded to security researchers when they’ve identified vulnerabilities in their platforms,” Raj Samani, EMEA CTO at McAfee, tells Digital Trends.

“If we look at the number of targeted attacks going after say Adobe, and specifically Flash vulnerabilities, the reality is with what we said with the gold standard, it really is that,” he says. “There’s a whole multitude of different kinds of responses but certainly Adobe appears to be way ahead of everybody else.”

Other companies were praised for offering attractive bug bounty programs in the face of a burgeoning market for zero days on the dark web, where vendors are selling off research from the security industry and making potential profits. “Are the bug bounties going to be anywhere near what someone can sell a zero day for? At the moment it doesn’t appear to be,” adds Samani. “We’re seeing certain organizations taking a very responsible approach regarding paying researchers, recognizing researchers, and I think it’s important to do that.”

Despite certain companies patching their software as swiftly as possible, there is still a culture of poor responses in the industry. “There’s a multitude of horror stories out there,” says Samani.

Intel Security’s Raj Samani Security & Defence Agenda/Flickr

The report adds that overall there’s been a huge growth in malware, especially ransomware, with a couple of high-profile new samples hitting the scene. Ransomware grew 165 percent in the first quarter of 2015. The report credits this to the rise of major new ransomware families, CTB-Locker and Teslacrypt, along with updated versions of older strains like CryptoWall and TorrentLocker.

Ransomware has grown in popularity as people have become more amenable to paying, explains Samani, and its authors are more likely to target victims in richer countries. “The returns are really, really good,” he says. “If you’re looking at the specific threat actor being involved in cybercrime, their motive is to make money, then ransomware is a pretty profitable approach for them.”

CTB-Locker was one of the prevalent samples in the quarter. CTB stands for Curve, Tor, Bitcoin: “curve” refers to the malware’s elliptic-curve cryptography, the attacker’s control servers are placed on Tor, and the ransom is listed in Bitcoin. The report anticipates that ransomware samples like this will continue to grow in the future.

McAfee Labs found that most other threats are either on the rise or holding steady from the previous report. The number of new mobile malware samples soared by 49 percent from Q4 2014 to Q1 2015.

“The number of total malware samples we’ve currently got in our zoo has hit 400 million. The total number of threats that we’re seeing are 362 per minute, which is about six every second,” explains Samani. “Basically what that means is within our malware zoo, we’ve now just hit the 400 million figure. That’s a 13 percent increase from Q4 2014 to Q1 2015.”

Jonathan Keane
Former Digital Trends Contributor