Skip to main content

McAfee report sees ransomeware surge, praises Adobe for its response

ransomware hospital hackers demand more money ransomeware
Brian A Jackson/Shutterstock
Adobe has become a “gold standard” for responding to vulnerabilities, according to the latest McAfee Labs Threat Report, with the company patching most threats within one day.

In Q1 2015, 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database, and within 24 hours, Adobe patched them all, says McAfee Labs.

Adobe Flash vulnerabilities have always been common, but in Q1, new Adobe Flash malware grew a staggering 317 percent, from 47,000 samples in late 2014 to 200,000 now. McAfee Labs’ report says that cybercriminals have moved away from Java and Microsoft Silverlight vulnerabilities in favor of exploiting un-patched Adobe Flash vulnerabilities, but the company has responded accordingly, says the report’s authors.

“When we look at how quickly some organizations take to patch things, actually you’re getting a complete plethora of responses. I mean in certain cases we’ve actually seen where organizations haven’t even responded to security researchers when they’ve identified vulnerabilities in their platforms,” Raj Samani, EMEA CTO at McAfee, tells Digital Trends.

“If we look at the number of targeted attacks going after say Adobe, and specifically Flash vulnerabilities, the reality is with what we said with the gold standard, it really is that,” he says. “There’s a whole multitude of different kinds of responses but certainly Adobe appears to be way ahead of everybody else.”

Other companies were praised for offering attractive bug bounty programs in the face of a burgeoning market for zero days on the dark web, where vendors are selling off research from the security industry and making potential profits. “Are the bug bounties going to be anywhere near what someone can sell a zero day for? At the moment it doesn’t appear to be,” adds Samani. “We’re seeing certain organizations taking a very responsible approach regarding paying researchers, recognizing researchers, and I think it’s important to do that.”

Despite certain companies patching their software as swiftly as possible, there is still a culture of poor responses in the industry. “There’s a multitude of horror stories out there,” says Samani.

Intel Security's Raj Samani
Intel Security’s Raj Samani Security & Defence Agenda/Flickr

The report adds that overall there’s been a huge growth in malware, especially ransomware, with a couple of high-profile new samples hitting the scene. Ransomware grew 165 percent in the first quarter of 2015. The report credits this to the rise of major new ransomware families, CTB-Locker and Teslacrypt, along with updated versions of older strains like CryptoWall and TorrentLocker.

Ransomware has grown in popularity as people have become more amendable to paying, explains Samani, and its authors are more likely to target victims in richer countries. “The returns are really, really good,” he says. “If you’re looking at the specific threat actor being involved in cybercrime, their motive is to make money, then ransomware is a pretty profitable approach for them.”

CTB-Locker was one of the prevalent samples in the quarter. CTB stands for Curve, Tor, Bitcoin, with curve referring to the malware’s cryptography based on elliptical curves while the attacker’s control servers are placed on Tor and the ransom is listed in Bitcoin. The report anticipates that ransomware samples like this will continue to grow in the future.

McAfee Labs found that most other threats are either on the rise or holding steady from the previous report. The number of new mobile malware samples soared by 49 percent from Q4 2014 to Q1 2015.

“The number of total malware samples we’ve currently got in our zoo has hit 400 million. The total number of threats that we’re seeing are 362 per minute, which is about six every second,” explains Samani. “Basically what that means is within our malware zoo, we’ve now just hit the 400 million figure. That’s a 13 percent increase from Q4 2014 to Q1 2015.”

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
What is an AI token?
A presenter at Google IO shows information on a new AI project.

Google recently announced that Gemini 1.5 Pro would increase from a 1 million token context window to 2 million. That sounds impressive, but what in the world is a token anyways?

At its core, even chatbots need help processing the text they get so they can understand concepts and communicate with you in a human-like fashion. This is accomplished using a token system in the generative AI space that breaks down data so it is more easily digestible by AI models.
What is an AI token?

Read more
Perplexity, one of our favorite AI apps, just got a big update
Perplexity app shown on an iPhone.

If you've been looking for more than just traditional search engines, you may have turned to Perplexity. The app allows users to ask questions and receive quick, accurate answers from a carefully selected set of sources, all powered by ChatGPT. Now, a new software update is making Perplexity AI even better.

Perplexity Pages allows you to transform your research into visually engaging and comprehensive content. Whether you are creating detailed articles, reports, or informative guides, Perplexity Pages brings your ideas to life. This new tool simplifies organizing and sharing information, giving you more control. You also have the option to publish your work to Perplexity’s library of user-generated content, where you can showcase your expertise.

Read more
The best free PC driver update tools everyone should have
Acer Predator XB3 Gaming Monitor review

Updating your drivers is something that's easy to forget, but can you really trust driver update tools? There are a lot of scammy, spammy, nefarious apps out there that promise to update drivers, but are bloatware at best and malware at worst. While here at Digital Trends we might be big fans of doing it the manual way for added control, there are some free PC driver update tools you can use that aren't going to steal your data.

Here are some of our favorite free PC driver update tools that you can trust to do the job they claim.
Intel Driver and Support Assistant

Read more