Intel Security has released its McAfee Labs Threats Report: March 2015, which assesses the attitudes of 500 cybersecurity professionals toward sharing cyber threat intelligence (CTI), examines the inner workings of the Adwind* remote administration tool (RAT), and details the massive increase in ransomware, mobile malware and malware in general in the fourth quarter of 2015.
 
In 2015, Intel Security surveyed 500 security professionals from various industries across North America, Asia Pacific, and Europe to measure CTI knowledge, its added value in enterprise security, and what factors can get in the way of better implementing CTI in security strategies. The professionals surveyed provided an important picture of the current state of, and potential opportunities for, CTI in the enterprise:
 
·         Perception of value and adherence. Of the 42% who reported using shared threat intelligence, 97% believe its use allows them to provide better protection for their business. Among these, 59% consider this sharing "very important" to their organizations, while 38% consider it "fairly important".
 
·         Industry-specific intelligence. Almost unanimously, 91% of respondents say they are interested in industry-specific cyber threat intelligence, with 54% responding "very interested" and 37% responding "fairly interested". Industries such as financial services and critical infrastructure tend to benefit the most from this industry-specific CTI given the highly specialized nature of threats that McAfee Labs has been monitoring in these two core mission industries.
 
·         Willingness to share. Sixty-three percent of respondents indicate that they are willing to move beyond just receiving shared CTI to actually contributing their own data, as long as it is shared on a secure and private platform. However, the idea of sharing their own information meets with varying degrees of enthusiasm, with 24% responding that it is "very likely" that they will share it, while for 39% it is "reasonably likely" that they will.
 
·         Data types to share. When asked what types of threat data they are willing to share, respondents pointed to malware behavior (72%), followed by URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%).
 
·         Barriers to CTI. When asked why they did not implement CTI in their companies, 54% of those surveyed identified corporate policy as the reason, followed by industry regulations (24%). The remaining participants, whose organizations do not share data, report that they are interested but need more information (24%) or are concerned about the shared data being linked to their companies or to themselves as individuals (21%). These findings suggest a lack of experience or knowledge of the variety of CTI integration options available to the industry, as well as a lack of knowledge of the legal implications of sharing CTI.
 
"Given the determination shown by cybercriminals, CTI sharing will become an important tool to create the balance of power of cybersecurity in favor of defenders," says Vincent Weafer, vice president of the McAfee Labs group at Intel Security. "But our research suggests that a high-value CTI must overcome barriers of organizational policy, regulatory constraints, risks associated with attribution, trust, and a lack of implementation knowledge, before its potential is fully realized."
 
This quarter's report also evaluates the Adwind Remote Administration Tool (RAT), a Java*-based backdoor Trojan that targets multiple platforms that support Java files. Adwind is typically spread via email spam campaigns, compromised web pages and targeted downloads loaded with malware. The McAfee Labs report describes a rapid increase in the number of .jar file samples identified by McAfee Labs researchers as Adwind, with a jump of 426% in Q4 2015 compared to Q1 2015 (from 1388 to 7295 identifications).
 
4th quarter 2015 threat statistics
 
·         Ransomware speeds up again. After slightly decelerating mid-year, new ransomware has regained its rapid growth rate, with a quarterly increase of 26% reported in Q4 2015. Open source ransomware code and ransomware as a service continue to simplify launching attacks, and the Teslacrypt and CryptoWall 3 campaigns continue to extend their reach. Ransomware campaigns continue to be financially profitable. An October 2015 analysis of the CryptoWall 3 ransomware simulated the financial scale of these campaigns, when researchers at McAfee Labs linked just one campaign's operations to $325 million in victim ransom payments.
 
·         Leap in mobile malware. Q4 2015 saw a quarterly increase of 72% in new mobile malware samples, as malware authors appear to have produced new malware faster.
 
·         Rootkit malware drops. The number of new rootkit malware samples dropped precipitously in Q4, continuing a long-term downward trend in this type of attack. McAfee Labs attributes some of this decline, which began in Q3 2011, to customers' continued adoption of 64-bit Intel® processors along with 64-bit Microsoft Windows*. These technologies include features such as Kernel Patch Protection* and Secure Boot* that together help improve protection against threats such as rootkit malware.
 
·         The return of malware. After three declining quarters, the total number of new malware samples resumed its growth in Q4, with 42 million new malicious hashes discovered, 10% more than Q3 and the second highest count ever recorded by McAfee Labs. In part, the growth in Q4 was a result of 2.3 million new mobile malware samples, or 1 million more than in Q3.
 
·         Malicious signed binaries have decreased. The number of malicious signed binaries has decreased each quarter over the past year, reaching in Q4 2015 the lowest level since Q2 2013. McAfee Labs believes the decline can be attributed in part to old certificates with a frequent presence on the black market expiring or being revoked as companies move to stronger hashing functions. Additionally, technologies such as SmartScreen* (part of Microsoft Internet Explorer*, but extending to other parts of Windows) act as additional reliability tests and make signing malicious binaries less beneficial for malware authors.
 
For information on these topics of interest, or more statistics on the threat landscape in Q4 2015, visit http://www.mcafee.com/March2015ThreatsReport to get the full report.
 
For guidance on how organizations can better protect themselves from the threats detailed in this quarter's report, visit the Enterprise Blog.
 
For online safety tips on how consumers can protect themselves from the threats mentioned in this report, visit the Consumer Safety Tips Blog.
 
