Ransomware, mobile malware, and overall malware surged in the last quarter of 2015, according to McAfee Labs Threats Report: March 2016.
That’s by the IT security product firm Intel Security; it also assesses the attitudes of 500 cybersecurity professionals toward cyber threat intelligence (CTI) sharing, and examines the workings of the Adwind remote administration tool (RAT). In 2015, Intel interviewed 500 IT security people in a variety of industries across North America, Asia Pacific, and Europe.
After slowing slightly mid-year, new ransomware regained its rapid growth rate, with a 26 percent quarter-over-quarter increase in the last quarter of 2015. Open-source ransomware code and ransomware-as-a-service continue to make it simpler to launch attacks, the Teslacrypt and CryptoWall 3 campaigns continue to extend their reach, and ransomware campaigns continue to be financially lucrative. An October 2015 analysis of the CryptoWall 3 ransomware hinted at the financial scale of such campaigns, when McAfee Labs researchers linked just one campaign’s operations to $325m in victim ransom payments.
Findings included:
· Value perception and adoption. Of the 42 percent of respondents who report using shared threat intelligence, 97 percent believe that it enables them to provide better protection for their company. Of those participating respondents, 59 percent find such sharing to be “very valuable” to their organisations, while 38 percent find sharing to be “somewhat valuable.”
· Industry-specific intelligence. A near unanimous 91 percent of respondents voice interest in industry-specific cyber threat intelligence, with 54 percent responding “very interested” and 37 percent responding “somewhat interested.” Sectors such as financial services and critical infrastructure stand to benefit most from such industry-specific CTI given the highly specialized nature of threats McAfee Labs has monitored in these two mission-critical industries.
· Willingness to share. Sixty-three percent of respondents
indicate they may be willing to go beyond just receiving shared CTI to actually contributing their own data, as long as it can be shared within a secure and private platform. However, the idea of sharing their own information is met with varying degrees of enthusiasm, with 24 percent responding they are “very likely” to share while 39 percent are “somewhat likely” to share.
· Types of data to share. When asked what types of threat data they are willing to share, respondents say behavior of malware (72 percent), followed by URL reputations (58 percent), external IP address reputations (54 percent), certificate reputations (43 percent), and file reputations (37 percent).
· Barriers to CTI. When asked why they have not implemented shared CTI in their enterprises, 54 percent of respondents identify corporate policy as the reason, followed by industry regulations (24 percent). The remainder of respondents whose organisations do not share data report being interested but need more information (24 percent), or are concerned shared data would be linked back to their firms or themselves as individuals (21 percent). These findings suggest a lack of experience with, or knowledge of, the varieties of CTI integration options available to the industry, as well as a lack of understanding of the legal implications of sharing CTI.
Raj Samani, pictured, CTO EMEA at Intel Security, said: “Cyber threat intelligence (CTI) sharing is a crucial strategy to ensure that enterprises across entire industries are able to learn from each other and set up proactive defences to safeguard both their corporations and the industry as a whole,” said . “In many cases, advanced stealthy attacks can lay hidden on a network, undetected. With corporations proactively sharing details of threats and attacks, similar enterprises will also be able to more rapidly detect threats and correct their systems. Detection and correction of a cyber attack is just as important as the initial protection stage when safeguarding company and customer data.
“Our report highlights that CTI must overcome the barriers of organisational policies, regulatory restrictions, liability risks, and a lack of implementation knowledge before its potential can be fully realised.”
For more on these topics, or more threat landscape statistics for Q4 2015, visit http://www.mcafee.com/March2016ThreatsReport for the full report.
