Skip to main content

McAfee report sees ransomeware surge, praises Adobe for its response

ransomware hospital hackers demand more money ransomeware
Brian A Jackson/Shutterstock
Adobe has become a “gold standard” for responding to vulnerabilities, according to the latest McAfee Labs Threat Report, with the company patching most threats within one day.

In Q1 2015, 42 new Adobe Flash vulnerabilities were submitted to the National Vulnerability Database, and within 24 hours, Adobe patched them all, says McAfee Labs.

Adobe Flash vulnerabilities have always been common, but in Q1, new Adobe Flash malware grew a staggering 317 percent, from 47,000 samples in late 2014 to 200,000 now. McAfee Labs’ report says that cybercriminals have moved away from Java and Microsoft Silverlight vulnerabilities in favor of exploiting un-patched Adobe Flash vulnerabilities, but the company has responded accordingly, says the report’s authors.

“When we look at how quickly some organizations take to patch things, actually you’re getting a complete plethora of responses. I mean in certain cases we’ve actually seen where organizations haven’t even responded to security researchers when they’ve identified vulnerabilities in their platforms,” Raj Samani, EMEA CTO at McAfee, tells Digital Trends.

“If we look at the number of targeted attacks going after say Adobe, and specifically Flash vulnerabilities, the reality is with what we said with the gold standard, it really is that,” he says. “There’s a whole multitude of different kinds of responses but certainly Adobe appears to be way ahead of everybody else.”

Other companies were praised for offering attractive bug bounty programs in the face of a burgeoning market for zero days on the dark web, where vendors are selling off research from the security industry and making potential profits. “Are the bug bounties going to be anywhere near what someone can sell a zero day for? At the moment it doesn’t appear to be,” adds Samani. “We’re seeing certain organizations taking a very responsible approach regarding paying researchers, recognizing researchers, and I think it’s important to do that.”

Despite certain companies patching their software as swiftly as possible, there is still a culture of poor responses in the industry. “There’s a multitude of horror stories out there,” says Samani.

Intel Security's Raj Samani
Intel Security’s Raj Samani Security & Defence Agenda/Flickr

The report adds that overall there’s been a huge growth in malware, especially ransomware, with a couple of high-profile new samples hitting the scene. Ransomware grew 165 percent in the first quarter of 2015. The report credits this to the rise of major new ransomware families, CTB-Locker and Teslacrypt, along with updated versions of older strains like CryptoWall and TorrentLocker.

Ransomware has grown in popularity as people have become more amendable to paying, explains Samani, and its authors are more likely to target victims in richer countries. “The returns are really, really good,” he says. “If you’re looking at the specific threat actor being involved in cybercrime, their motive is to make money, then ransomware is a pretty profitable approach for them.”

CTB-Locker was one of the prevalent samples in the quarter. CTB stands for Curve, Tor, Bitcoin, with curve referring to the malware’s cryptography based on elliptical curves while the attacker’s control servers are placed on Tor and the ransom is listed in Bitcoin. The report anticipates that ransomware samples like this will continue to grow in the future.

McAfee Labs found that most other threats are either on the rise or holding steady from the previous report. The number of new mobile malware samples soared by 49 percent from Q4 2014 to Q1 2015.

“The number of total malware samples we’ve currently got in our zoo has hit 400 million. The total number of threats that we’re seeing are 362 per minute, which is about six every second,” explains Samani. “Basically what that means is within our malware zoo, we’ve now just hit the 400 million figure. That’s a 13 percent increase from Q4 2014 to Q1 2015.”

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more