About McAfee Labs

McAfee Labs is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors—file, web, message, and network—McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

Welcome to the new McAfee!

In mid-February, we released the report Building Trust in a Cloudy Sky: The State of Cloud Adoption and Security. The report looks at cloud adoption, changes in data centre environments, and the challenges with visibility and control over these new architectures. It is based on responses from 1,400 IT security professionals from around the globe.

On March 1, we released the report Tilt the Playing Field: How Misaligned Incentives Work against Cybersecurity, developed in partnership with the Centre for Strategic and International Studies. It examines the mismatch between the incentives of attackers and defenders. The report identified three key incentive misalignments: between corporate structures and the free flow of criminal enterprises, between strategy and implementation, and between senior executives and those in implementation roles.

In this quarterly threats report, we highlight three Key Topics:

  • We explore the very interesting topic of steganography in the digital world. Digital steganography hides information in benign-looking objects such as images, audio tracks, video clips, or text files. Of course, attackers use these techniques to pass information by security systems. We explain how in this Key Topic.
  • We broadly examine evasion techniques and how malware authors use them to accomplish their goals. We discuss the more than 30-year history of evasion by malware, the underground market for off-the-shelf evasion technology, how several contemporary malware families leverage evasion techniques, and what to expect in the future, including machine learning and hardware-based evasion.
  • We examine Fareit, the most famous password-stealing malware. We cover its origins, its typical infection vectors, its architecture and inner workings, how it has changed over the years, and how it was likely used in the breach of the Democratic National Committee before the 2016 U.S. Presidential election.

These Key Topics are followed by our usual in-depth set of quarterly threats statistics.

In response to the WikiLeaks Vault 7 disclosure on March 7, McAfee developed a simple module for the CHIPSEC framework that can be used to verify the integrity of EFI firmware executables on potentially impacted systems. This work is based on many years of dedicated research within the field of firmware security, conducted by McAfee’s Advanced Threat Research group. CHIPSEC is a framework for analysing the security of PC platforms that includes hardware, system firmware (BIOS/UEFI), and platform components.

Also in April, McAfee’s Strategic Intelligence researchers released evidence that a series of cyberattacks targeting the Persian Gulf and, specifically, Saudi Arabia between 2012 and the present are the work of hacker groups supported and coordinated by a common malicious actor, and not the random efforts of a variety of individual cyber gangs in the region. The latest Shamoon campaigns go beyond a few targets in the energy industry, to many in other critical sectors that run Saudi Arabia. Taken together, this new series of Shamoon cyber espionage campaigns is significantly larger, well-planned, well-resourced, and coordinated at a level beyond the limited capacity of disparate independent hacker gangs.

The No More Ransom initiative confirmed the addition of new members and decryption tools in early April. The initiative brings together technology companies and law enforcement agencies from around the world to educate the public about ransomware and to provide easy access to decryption tools so that victims need not pay ransoms. McAfee is a founding member of the No More Ransom initiative; there are now 89 member companies and agencies.

Finally, the Verizon 2017 Data Breach Investigations Report (DBIR) was released in late April. McAfee co-authored a section of the report in which we highlighted significant ransomware technical enhancements in 2016 that have transformed both the nature of the threat and ways in which the security industry is fighting back.

