McAfee report sees ransomeware surge, praises Adobe for its response

ransomware hospital hackers demand more money ransomeware
Brian A Jackson/Shutterstock
Adobe has become a “gold standard” for responding to vulnerabilities, according to the latest McAfee Labs Threat Report, with the company patching most threats within one day.

In Q1 2015, 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database, and within 24 hours, Adobe patched them all, says McAfee Labs.

Adobe Flash vulnerabilities have always been common, but in Q1, new Adobe Flash malware grew a staggering 317 percent, from 47,000 samples in late 2014 to 200,000 now. McAfee Labs’ report says that cybercriminals have moved away from Java and Microsoft Silverlight vulnerabilities in favor of exploiting un-patched Adobe Flash vulnerabilities, but the company has responded accordingly, says the report’s authors.

“When we look at how quickly some organizations take to patch things, actually you’re getting a complete plethora of responses. I mean in certain cases we’ve actually seen where organizations haven’t even responded to security researchers when they’ve identified vulnerabilities in their platforms,” Raj Samani, EMEA CTO at McAfee, tells Digital Trends.

“If we look at the number of targeted attacks going after say Adobe, and specifically Flash vulnerabilities, the reality is with what we said with the gold standard, it really is that,” he says. “There’s a whole multitude of different kinds of responses but certainly Adobe appears to be way ahead of everybody else.”

Other companies were praised for offering attractive bug bounty programs in the face of a burgeoning market for zero days on the dark web, where vendors are selling off research from the security industry and making potential profits. “Are the bug bounties going to be anywhere near what someone can sell a zero day for? At the moment it doesn’t appear to be,” adds Samani. “We’re seeing certain organizations taking a very responsible approach regarding paying researchers, recognizing researchers, and I think it’s important to do that.”

Despite certain companies patching their software as swiftly as possible, there is still a culture of poor responses in the industry. “There’s a multitude of horror stories out there,” says Samani.

Intel Security's Raj Samani
Intel Security’s Raj Samani Security & Defence Agenda/Flickr

The report adds that overall there’s been a huge growth in malware, especially ransomware, with a couple of high-profile new samples hitting the scene. Ransomware grew 165 percent in the first quarter of 2015. The report credits this to the rise of major new ransomware families, CTB-Locker and Teslacrypt, along with updated versions of older strains like CryptoWall and TorrentLocker.

Ransomware has grown in popularity as people have become more amendable to paying, explains Samani, and its authors are more likely to target victims in richer countries. “The returns are really, really good,” he says. “If you’re looking at the specific threat actor being involved in cybercrime, their motive is to make money, then ransomware is a pretty profitable approach for them.”

CTB-Locker was one of the prevalent samples in the quarter. CTB stands for Curve, Tor, Bitcoin, with curve referring to the malware’s cryptography based on elliptical curves while the attacker’s control servers are placed on Tor and the ransom is listed in Bitcoin. The report anticipates that ransomware samples like this will continue to grow in the future.

McAfee Labs found that most other threats are either on the rise or holding steady from the previous report. The number of new mobile malware samples soared by 49 percent from Q4 2014 to Q1 2015.

“The number of total malware samples we’ve currently got in our zoo has hit 400 million. The total number of threats that we’re seeing are 362 per minute, which is about six every second,” explains Samani. “Basically what that means is within our malware zoo, we’ve now just hit the 400 million figure. That’s a 13 percent increase from Q4 2014 to Q1 2015.”

Product Review

Samsung’s Galaxy Book 2 is a Surface Pro alternative with one big advantage

The 2-in-1 form factor is clearly a big deciding factor for anyone looking to buy a new device, which is why Samsung is again getting in the action this year with the new Galaxy Book 2.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Movies & TV

The best movies on Netflix in October, from 'The Witch’ to ‘Black Panther’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, subdued humor, or anything in between.
Computing

A ThinkPad tablet with a foldable screen could be in Lenovo’s future

Lenovo may be working on its own version of Project Andromeda. The company is reportedly working on a 13-inch tablet that can fold down to just nine inches for travel by leveraging LG Display's foldable screen technology.
Computing

Consider an extended warranty plan if you buy a Surface Pro 6

Though Microsoft offers a standard one-year warranty on the Surface Pro 6, consumers may want to purchase an extended warranty plan if they intend on keeping their tablet longer due to the device's low repairability score.
Computing

Samsung Chromebook Plus V2 vs. Google Pixelbook

Samsung's Chromebook Plus V2 attempts to answer the question: can you spend around half as much as on the premium Google Pixelbook and be happy that you saved some serious cash?
Computing

'World's best gaming processor'? We put Intel's new i9 through the ringer

Intel has launched the first Core i9 for the average gamer. Despite some controversies around its release, it’s the fastest gaming processor we’ve yet tested.
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step by step, whether you're running a MacOS or Windows machine.
Computing

Google Chrome 70 is finally getting a picture-in-picture mode

Picture-in-picture mode is finally coming to Google Chrome 70 on Mac, Linux, and Windows. The feature not only applies to YouTube but also any other website where developers have chosen to implement it.
Computing

Intel's 9th-gen chips could power your next rig. Here's what you need to know

The Intel Core i9-9900K processor was the star of the show for consumers, but a powerful 28-core Xeon processor also led announcements. Here's everything you need to know about the latest Intel chipsets.
Computing

Core i9s and Threadrippers are all powerful, but should you go AMD or Intel?

The battle for the top prosumer CPUs in the world is on. In this head to head, we pit the Core i9 versus the Threadripper to see which is the best when it comes to maximizing multi-core performance on a single chip.
Computing

Despite serious security flaws, D-Link will (again) not patch some routers

D-Link revealed that it won't patch six router models despite warnings raised by a security researcher. The manufacturer, for the second time in a span of about a year, cited end-of-life policies for its decision to not act.
Computing

Apple’s latest feature ensures MacOS apps are safer than ever

MacOS is mythically known for being more immune to viruses than Windows, but that doesn't mean there isn't room to make it safer. Apple is using an app notarization feature to protect users from downloading malicious apps.
Computing

There’s now proof that quantum computing is superior to the classical variety

For the first time in computer science history, researchers have tangibly demonstrated how a quantum computer is better than a classical computer. A quantum computer was able to solve a math problem that a classical PC cannot.