McAfee Labs registers 165% surge in new ransomware in Q1 2015

McAfee Labs registered a 165 percent surge in new ransomware in the first quarter of 2015 — driven largely by CTB-Locker, Teslacrypt, CryptoWall, TorrentLocker and BandarChor.

CTB-Locker was successful due to techniques for evading security software, higher-quality phishing emails, and an affiliate program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with CTB-Locker phishing messages, said McAfee Labs.

New Adobe Flash malware samples increased 317 percent due to factors such as the popularity of Adobe Flash; user delay in applying available Adobe Flash patches; new methods to exploit product vulnerabilities; an increase in the number of mobile devices that can play Adobe Flash files (.swf); and the difficulty of detecting some Adobe Flash exploits.

Forty-two new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database in Q1. On the same day those vulnerabilities were posted, Adobe made initial fixes available for all 42 vulnerabilities.

Intel Security said in its McAfee Labs Threats Report: May 2015 that there were HDD and SSD firmware attacks by a secretive outfit called Equation Group.

McAfee Labs said the reprogramming modules exposed in February could be used to reprogram the firmware in SSDs in addition to the previously reported HDD reprogramming capability.

Once reprogrammed, the HDD and SSD firmware can reload the associated malware each time an infected system boots, and the malware persists even if the drives are reformatted or the operating system is reinstalled. Once a drive is infected, security software cannot detect the associated malware, which is stored in a hidden area of the drive.

The report said there was a slight decline in new PC malware, primarily due to the activity of one adware family, SoftPulse, which spiked in Q4 2014 and returned to normal levels in Q1 2015. The McAfee Labs malware zoo grew 13 percent during that time, and now contains 400 million samples.

The number of new mobile malware samples increased 49 percent from Q4 2014 to Q1 2015.

SSL-related attacks fell as a result of SSL library updates that have eliminated many of the vulnerabilities exploited in prior quarters. Shellshock attacks are still quite prevalent since their emergence late last year.

The Dyre, Dridex, and Darkmailer3.Slenfbot botnets overtook Festi and Darkmailer as the top spam networks, pushing pharmaceuticals, stolen credit cards, and “shady” social-media marketing tools, said McAfee Labs.