McAfee has released the findings of the McAfee Labs Threats Report: June 2017.
The report revealed growth trends in malware, ransomware, mobile malware, and other threats in Q1 2017.
In the first quarter of 2017, the McAfee Labs Global Threat Intelligence network registered 244 new cyber threats every minute, or more than four every second.
The firm also counted 301 publicly disclosed security incidents in Q1, an increase of 53 percent over the Q4 2016 count. The health, public, and education sectors comprised more than 50 percent of the total.
In addition, the report found new malware samples rebounded in Q1 to 32 million. The total number of malware samples increased 22 percent in the past four quarters to 670 million known samples. New malware counts rebounded to the quarterly average seen during the past four years.
It also revealed that mobile malware reports from Asia doubled in Q1, contributing to a 57 percent increase in global infection rates. Total mobile malware grew 79 percent in the past four quarters to 16.7 million samples. The largest contributor to this growth was Android/SMSreg, a potentially unwanted programme detection from India.
Furthermore, the McAfee report examines the origins and inner workings of the Fareit password stealer and provides a review of the 30-year history of evasion techniques used by malware authors.
Malware developers began experimenting with ways to evade security products in the 1980s, when a piece of malware defended itself by partially encrypting its own code, making the content unreadable by security analysts. The term "evasion technique" covers all the methods used by malware to avoid detection, analysis, and understanding. McAfee Labs classifies evasion techniques into three broad categories:
- Anti-security techniques: Used to avoid detection by antimalware engines, firewalls, application containment, or other tools that protect the environment.
- Anti-sandbox techniques: Used to detect automatic analysis and avoid engines that report on the behavior of malware. Detecting registry keys, files, or processes related to virtual environments lets malware know if it is running in a sandbox.
- Anti-analyst techniques: Used to detect and fool malware analysts, for example, by spotting monitoring tools such as Process Explorer or Wireshark, as well as some process-monitoring tricks, packers, or obfuscation to avoid reverse engineering.
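The three-category taxonomy above maps naturally onto static triage checks a defender can run before a sample ever reaches a sandbox. The following Python script is an added example, not McAfee's tooling or anything from the report: it scans a sample's raw bytes for strings associated with each category (security product names, virtual-machine artifacts, analyst tool names) in both ASCII and UTF-16LE form, since Windows binaries often store wide strings. The indicator lists are illustrative assumptions, and the sample bytes are constructed for the demonstration.

```python
"""Static triage heuristic for the three evasion categories (anti-security,
anti-sandbox, anti-analyst). Added example; indicator lists are assumptions
chosen for illustration and are not a complete or authoritative set."""
from collections import defaultdict

# Illustrative indicators grouped by the report's three categories (assumed).
INDICATORS = {
    "anti-security": [
        b"MsMpEng.exe",          # Windows Defender service process name
        b"netsh advfirewall",    # host firewall reconfiguration command
    ],
    "anti-sandbox": [
        b"VBoxGuest",            # VirtualBox guest additions driver
        b"vmtoolsd",             # VMware Tools daemon process
        b"SbieDll.dll",          # Sandboxie injected DLL
        b"HARDWARE\\ACPI\\DSDT\\VBOX__",  # VirtualBox ACPI registry key
    ],
    "anti-analyst": [
        b"procexp",              # Process Explorer executable name
        b"Wireshark",
        b"ollydbg",
        b"x64dbg",
    ],
}


def _needles(indicator: bytes):
    """Yield the lowercase ASCII and UTF-16LE encodings of an indicator."""
    ascii_lower = indicator.lower()
    yield ascii_lower
    yield ascii_lower.decode("ascii").encode("utf-16-le")


def scan_sample(data: bytes) -> dict:
    """Return {category: sorted indicator names} for every indicator found.

    bytes.lower() only touches ASCII letters, so the wide-string needle still
    matches the lowercased haystack byte-for-byte.
    """
    haystack = data.lower()
    hits = defaultdict(set)
    for category, indicators in INDICATORS.items():
        for indicator in indicators:
            if any(needle in haystack for needle in _needles(indicator)):
                hits[category].add(indicator.decode("ascii"))
    return {category: sorted(names) for category, names in hits.items()}


def evasion_verdict(hits: dict) -> str:
    """Crude triage label: the more categories hit, the more the sample
    deserves manual analysis rather than an automated sandbox run only."""
    categories = len(hits)
    if categories == 0:
        return "no evasion indicators"
    if categories == 1:
        return "possible evasion"
    return "likely evasive"


# Constructed sample: a fake PE header, an ASCII VM artifact, a UTF-16LE
# analyst tool name, and filler text. Not a real binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"checking VBoxGuest driver\x00"
    + "Wireshark".encode("utf-16-le")
    + b"\x00ordinary application strings\x00"
)

if __name__ == "__main__":
    found = scan_sample(SAMPLE)
    print(found)                   # {'anti-sandbox': ['VBoxGuest'], 'anti-analyst': ['Wireshark']}
    print(evasion_verdict(found))  # likely evasive
```

A string match is only a lead, not proof of evasion: legitimate software references VM drivers and security products too, so the verdict is meant to prioritise what a human or a deeper dynamic run looks at next, not to convict a file on its own.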
“There are hundreds, if not thousands, of anti-security, anti-sandbox, and anti-analyst evasion techniques employed by hackers and malware authors, and many of them can be purchased off the shelf from the Dark Web,” said Vincent Weafer, vice president, McAfee Labs. “This quarter’s report reminds us that evasion has evolved from trying to hide simple threats executing on a single box, to the hiding of complex threats targeting enterprise environments over an extended period of time, to entirely new paradigms, such as evasion techniques designed for machine learning based protection.”
Fareit first appeared in 2011 and has since evolved in a variety of ways, including new attack vectors, enhanced architecture and inner workings, and new ways to evade detection. There is a growing consensus that Fareit, now the most infamous password-stealing malware, was likely used in the high-profile Democratic National Committee breach before the 2016 US Presidential election.