Press Releases

“McAfee Labs Threats Report: February 2015” Finds Mobile Apps Left Vulnerable for Months

Top Network Attacks: Browser, denial of service, and brute force remain the top three network attacks in Q4, though DoS (Denial of Service) declined by almost half from Q3. SSL (Secure Sockets Layer) increased by 4% and Shellshock now appears on our threats pie, in fifth place, due to the continuing popularity of Heartbleed and Shellshock attacks. McAfee Labs Threats Report, February 2015 page 45

Top Network Attacks: Browser, denial of service, and brute force remain the top three network attacks in Q4, though DoS (Denial of Service) declined by almost half from Q3. SSL (Secure Sockets Layer) increased by 4% and Shellshock now appears on our threats pie, in fifth place, due to the continuing popularity of Heartbleed and Shellshock attacks. McAfee Labs Threats Report, February 2015 page 45

This video presents Apple SSL vulnerability alows hackers to snoop.

  • Robert Siciliano identity theft speaker and expert discusses Apple SSL vulnerability alows hackers to snoop. http://robertsiciliano.com/

Location of Servers Hosting Suspect Content: McAfee Labs Threats Report, February 2015 page 41

Location of Servers Hosting Suspect Content: McAfee Labs Threats Report, February 2015 page 41

Intel Security today released its McAfee Labs Threats Report: February 2015 (pdf), which includes assessments of the mobile threat landscape and the failure of mobile app developers to patch critical secure sockets layer (SSL) vulnerabilities, potentially impacting millions of mobile phone users.

  • McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions.
  • The vulnerable data included usernames and passwords and in some instances, login credentials from social networks and other third party services.

Furthermore, McAfee Labs tested the 25 most popular apps on the Computer Emergency Response Team’s list of vulnerable mobile apps that send login credentials through insecure connections and found that 18 still have not been patched despite public disclosure, vendor notification, and in some cases, multiple version updates addressing concerns other than security.

Top Countries Hosting Phishing Domains: McAfee Labs Threats Report, February 2015 page 42

Top Countries Hosting Phishing Domains: McAfee Labs Threats Report, February 2015 page 42

Other key findings from the report covering the final quarter of 2014 include:

  • Mobile Malware: McAfee Labs reported that mobile malware samples grew 14 per cent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates.
  • Potentially Unwanted Programs (PUPs): In Q4, McAfee Labs detected PUPs on 91 million systems each day. McAfee Labs sees PUPs becoming more and more aggressive, posing as legitimate apps while performing unauthorized actions such as displaying unintended ads, modifying browser settings, or collecting user and system data.
  • Ransomware: Beginning in Q3, the number of new ransomware samples began to grow again after a four-quarter decline. In Q4, the number of new samples grew 155 per cent.
  • Total Malware: McAfee Labs now detects 387 new samples of malware every minute, or more than six every second.
Top Countries Hosting Spam Domains: McAfee Labs Threats Report, February 2015 page 43

Top Countries Hosting Spam Domains: McAfee Labs Threats Report, February 2015 page 43

The full report can be found here: http://www.mcafee.com/common/js/asset_redirect.html?eid=15Q1NAPROSM4894&url=http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2014.pdf.

For a list of safety tips on how individual users can protect themselves from the threats details in this quarter’s report, please visit: http://mcaf.ee/5z86x.

PRESS RLEASE

McAfee Labs Finds Mobile Apps Left Vulnerable for Months

Report finds 18 of 25 top mobile apps reported vulnerable in September 2014 remain unpatched; Unsecured Web sessions leave millions open to man-in-the-middle attacks

SANTA CLARA, Calif. February 24, 2015 – Intel Security today released its McAfee Labs Threats Report: February 2015, including assessments of the mobile threat landscape and the failure of mobile app developers to patch critical secure sockets layer (SSL) vulnerabilities, potentially impacting millions of mobile phone users. McAfee Labs also revealed details on the increasingly popular Angler exploit kit, and warned of increasingly aggressive potentially unwanted programs (PUPs) that change system settings and gather personal information without the knowledge of users.

McAfee Labs researchers found that mobile app providers have been slow to address the most basic SSL vulnerabilities: improper digital certificate chain validation. In September 2014, the Computer Emergency Response Team (CERT) at Carnegie Mellon University released a list of mobile apps possessing this weakness, including apps with millions of downloads to their credit.

In January, McAfee Labs tested the 25 most popular apps on CERT’s list of vulnerable mobile apps that send login credentials through insecure connections and found that 18 still have not been patched despite public disclosure, vendor notification, and, in some cases, multiple version updates addressing concerns other than security. McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. The vulnerable data included usernames and passwords and in some instances, login credentials from social networks and other third party services.

Although there is no evidence that these mobile apps have been exploited, the cumulative number of downloads for these apps ranges into the hundreds of millions. Given these numbers, McAfee Labs’ findings suggest that the choice by mobile app developers to not patch the SSL vulnerabilities has potentially put millions of users at risk of becoming targets of MITM attacks.

“Mobile devices have become essential tools for home to enterprise users as we increasingly live our lives through these devices and the applications created to run on them,” said Vincent Weafer, Senior Vice President of McAfee Labs, part of Intel Security. “Digital trust is imperative for us to truly engage with and benefit from the functionality they can provide. Mobile app developers must take greater responsibility for ensuring that their applications follow the secure programming practices and vulnerability responses developed over the past decade, and by doing so provide the level of protection required for us to trust our digital lives with them.”

Another Q4 development followed closely by McAfee Labs was the rise of the Angler exploit kit — One of the cybercrime-as-a-service economy’s latest contributions to off-the-shelf tools delivering ever greater malicious functionality. Researchers saw cybercriminals migrate to Angler in the second half of 2014, when it surpassed Blacole in popularity among exploit kits. Angler employs a variety of evasion techniques to remain undetected by virtual machines, sandboxes, and security software, and frequently changes patterns and payloads to hide its presence from some security products.

This crimeware package contains easy-to-use attack features and new capabilities such as file-less infection, virtual machine and security product evasion, and the ability to deliver a wide range of payloads including banking Trojans, rootkits, ransomware, CryptoLocker, and backdoor Trojans.

The report also identified a number of other developments in the final quarter of 2014:

  • Mobile Malware: McAfee Labs reported that mobile malware samples grew 14 per cent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates. At least eight per cent of all McAfee-monitored mobile systems reported an infection in Q4 2014, with much of the activity being attributed to the AirPush ad network.
  • Potentially Unwanted Programs: In Q4, McAfee Labs detected PUPs on 91 million systems each day. McAfee Labs sees PUPs becoming more and more aggressive, posing as legitimate apps while performing unauthorized actions such as displaying unintended ads, modifying browser settings, or collecting user and system data.
  • Ransomware: Beginning in Q3, the number of new ransomware samples began to grow again after a four-quarter decline. In Q4, the number of new samples grew 155 per cent.
  • Signed Malware: After a brief drop in new malicious signed binaries, the pace of growth resumed in Q4 with a 17 per cent increase in total signed binaries.
  • Total Malware: McAfee Labs now detects 387 new samples of malware every minute, or more than six every second.

For a full copy of the McAfee Labs Threats Report: February 2015, please visit: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2014.pdf.

For a list of safety tips on how individual users can protect themselves from the threats details in this quarter’s report, please visit: http://mcaf.ee/5z86x.

For guidance on how mobile app developers can address security vulnerabilities more effectively, please visit: http://mcaf.ee/ndwei.

About McAfee Labs

McAfee Labs is the threat research division of Intel Security and one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of more than 400 researchers collects threat data from millions of sensors across key threat vectors—file, web, message, and network. It then performs cross-vector threat correlation analysis and delivers real-time threat intelligence to tightly integrated McAfee endpoint and network security products through its cloud-based McAfee Global Threat Intelligence service. McAfee Labs also develops core threat detection technologies—such as DeepSAFE, application profiling, and graylist management—that are incorporated into the broadest security product portfolio in the industry.

About Intel Security

McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world. www.intelsecurity.com.

Note: Intel, Intel Security, and McAfee are trademarks or registered trademarks of Intel Corporation in the United States and other countries. Other names and brands may be claimed as the property of others.

*****

McAfee Canada, now part of Intel Security, maintains a website called “The State of Consumer and Enterprise Security in Canada” (http://mcaf.ee/canadastats) in order to provide a one-stop shop for writers looking for information on a variety of trends and issues affecting and shaping the Canadian security landscape. Feel free to check out the McAfee Canada resource site for security information, statistics, story ideas, and access to published McAfee surveys and studies.


The following video presents How Intel Security Defends Against Malware:

When your enterprise reaches the next level, it faces next-level threats. And if its only defense comes from software, your enterprise may be in jeopardy. Here’s Intel’s philosophy: make security software stronger, with strong hardware. See how Intel arms your software with the visibility and tools it needs to prevent, find, freeze, and fix vulnerabilities.