Ransomware surges 165% in Q1, Flash vulns quadruple: McAfee Labs
Intel-owned security research centre also gives update on Equation Group
Worldwide incidents of ransomware attacks surged 165% in the first quarter while Flash malware more than quadrupled, according to Intel Security's McAfee Labs threat report for May 2015, which also reported that the Equation Group's HDD firmware exploits also applied to SSDs.
The ransomware surge was attributed to the growing popularity of the so-called CTB-Locker family (CryptoWall, TorrentLocker and BandarChor, which have all been upgraded) and a new ransomware family called Teslacrypt.
CTB-Locker's success, McAfee Labs reported, is due to more sophisticated techniques in evading security software and the emergence of a partner scheme that offers third-party attackers a cut of ransom payments for help with spreading CTB-Locker phishing messages.
Adobe Flash continued to pose a problem as Flash-focused malware grew 317%. McAfee Labs said attackers are switching focus from Java archive and Microsoft Silverlight to attack unpatched vulnerabilities in the Adobe product. The problems with Flash have been exacerbated by users being slow to apply updates and also by a sharp increase in the number of mobile devices that support Adobe Flash files (.swf).
But Intel Security's researchers had some praise for Adobe's patch team, which managed to release same-day fixes for all 42 Adobe Flash vulnerabilities found during the quarter. That means Adobe software teams released updates within 24 hours of the vulnerabilities being posted on the National Vulnerability Database.
"With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users," said Vincent Weafer, senior vice president, McAfee Labs.
"This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity - industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues."
McAfee Labs also reported on the shadowy Equation Group. In February, reports emerged of the group's campaign to attack firmware vulnerabilities present in commercially available hard disks. Intel researchers studying the malware exposed in February discovered that solid-state drives were also vulnerable.
"Once reprogrammed, the HDD and SSD firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled," McAfee Labs reported. "Once infected, security software cannot detect the associated malware stored in a hidden area of the drive."