McAfee Labs published the Threats Report August 2014
for the 2nd Quarter. The report highlights three major themes to include the Heartbleed OpenSSL vulnerability impact, trends in phishing attack threats and Operation Tovar, a global effort that took down Gameover Zeus and Cryptolocker. The report concludes with the latest statistical trends in global security threats.
Heartbleed Impact and Aftermath
As described in the Threats Report
(CVE-2014-0160) was first publicly disclosed
on April 7th of this year and is described in many security circles as the worst vulnerability ever discovered. Heartbleed affects the OpenSSL open source library and impacted nearly 17% of the websites using TLS, to include many of the most popular websites. Through collaboration and much hard work, many organizations were able to quickly plug the OpenSSL flaw and secure affected websites and systems. However, many systems are still vulnerable today.
Some other notable takeaways from the report:
- Automated Tools: Many Heartbleed tools (such as Heartleech and Project Un1c0rn) can be used by both white hat and black hat security professionals. Although these can be great tools for companies to detect vulnerable systems, the tools can also be used by hackers for malicious intent. For instance, the tools can be used to sidestep intrusion detection systems and may also be used to make vulnerable public IPs searchable. According to the report, the tools can be used to "collect targets in the same way a thief may assemble a to-do list of unlocked houses."
- Vulnerable IP-enabled devices: Many devices such as Network Attached Storage (NAS) and security cameras are still vulnerable at the time of writing the report.
- McAfee offers a tool, MWG, that may be used by the more technical security users to protect users from visiting sites vulnerable to the Heartbleed bug.
In the section titled Phishing lures the unsuspecting: business users easily hooked
, McAfee says they have collected 250,000 new phishing URLs, bringing the total to 1 Million URLs in just the past year. The results also show an "increase in the sophistication" of phishing attacks. Also described in the report, a modern phishing attack typically will include a well known brand (such as Amazon or UPS). What is different this time around is how such an attack and malware payload is executed and can stealthily bypass detection. In one example, the same phishing message was sent by 21,000 unique sender IP addresses.
To help improve user awareness, McAfee released a good Phishing Quiz
, that consists of 10 email messages to test your ability in spotting phishing messages. Of 16,000 business users that took the quiz so far, nearly 80% fell for at least one of the phishing e-mails. Accounting and Finance and Human Resources performed the worst.
Operation Tovar was a joint effort between global law enforcement and the private sector (to include McAfee) to go after and take down Gameover Zeus and Cryptolocker infrastructure.
is a peer-to-peer botnet based on the Zeus banking trojan and was responsible for the theft of thousands if not millions of online banking credentials, credit cards and online login accounts. Nearly 600,000 systems were infected in just August of 2012 alone.
ransomware was designed to encrypt a victim's files and then hold the files ransom until a payment was made by the victim within 72 hours. After 72 hours, the files would then be destroyed, according to the threats. Some estimates say that the average ransom paid was around $461.
As part of Operation Tovar, 125,000 domains used for Cryptolocker and 120,000 Gameover Zeus domains were sinkholed. Although the operation was successful in the short term, new variations are on the rise
using leaked Zeus code.
Threat Statistics Summary
The report concludes with some threat statistics as of the end of Q2, 2014. Some of the most notable trends in threats:
- Total count of mobile malware increased by 17% in Q2
- 31 million new malware samples discovered in Q2
- New ransomware continued to decline, falling 63% in Q2
- New malicious signed binaries passed 3 Million in latest quarter
- North America (to include U.S.) continues to host more suspect content, hosting phishing URLs and Hosting SPAM URLs
- Denial of Service attacks rose 4% in Q2 and still remains the most prevalent network threat.
This article was originally published on Securezoo.com