In its latest quarterly threat report, security software developer McAfee warns of a burgeoning cybercrime industry supplying malicious code, the misuse of legitimate code-signing certificates, a Microsoft Office zero-day exploit, and mobile apps that collect user data.
Malware as an Industry
The recently released McAfee Labs Threats Report: Fourth Quarter 2013 (PDF) describes how the cybercrime industry supplies the malware behind recent high-profile attacks. Neiman Marcus, White Lodging, and Michaels Stores are among the businesses that appear to have been hit by off-the-shelf point-of-sale malware in 2013.
Attackers can then sell stolen credit card information on the online black market, where, according to IT security firm Hold Security, you can also find around 360 million stolen sets of personal credentials and 1.25 billion email addresses for sale.
McAfee Labs says the cybercrime industry has played a key role in enabling and monetizing the results of these attacks.
Can We Trust CA Signatures?
McAfee Labs is also questioning whether the Certificate Authority model can be trusted, given the growing number of malicious binaries carrying valid code-signing signatures. In the fourth quarter of 2013, researchers found more than 2.3 million new and unique malicious signed binaries, an increase of more than 50 percent over the previous quarter.
Most of this growth, they say, comes from content distribution networks such as downloadmr.com, which let developers upload their programs, or links to an external application, and wrap these binaries in a signed installer. That gives nefarious developers both a distribution channel and a cloak of legitimacy: the signature on the wrapper is cryptographically valid, but it vouches for the distribution service, not for the program inside it.
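The trust decision behind those numbers, as an added example written for this article rather than code from McAfee or the report: a Go program that builds a throwaway root CA and two code-signing certificates issued by it, one for the publisher whose software we meant to install and one for an unrelated download-wrapper vendor. All names are assumptions, keys are generated at run time, and the signature is a plain ECDSA signature over the payload rather than a parsed Authenticode blob. Both signatures chain to the trusted root, so a check that stops at chain validity accepts both; pinning the expected publisher's key rejects the wrapper.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignedBinary is what a verifier gets: payload bytes, the signer's leaf
// certificate, and an ECDSA signature over the payload's SHA-256 digest.
// (Stand-in for an Authenticode signature; no PE or PKCS#7 parsing here.)
type SignedBinary struct {
	Data      []byte
	Leaf      *x509.Certificate
	Signature []byte
}

// issueCert creates a P-256 key and certificate for cn. With parent == nil it
// is a self-signed root; otherwise a code-signing leaf issued by parent.
func issueCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{cn}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // root: may only sign certificates
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	} else { // leaf: code signing only
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

func sign(data []byte, leaf *x509.Certificate, key *ecdsa.PrivateKey) SignedBinary {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	must(err)
	return SignedBinary{Data: data, Leaf: leaf, Signature: sig}
}

// VerifyChain is where many installers stop: signature valid, and the leaf
// chains to a trusted root with the code-signing extended key usage.
func VerifyChain(b SignedBinary, roots *x509.CertPool) error {
	if err := b.Leaf.CheckSignature(x509.ECDSAWithSHA256, b.Data, b.Signature); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	_, err := b.Leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	})
	return err
}

// PublisherPin identifies a signer by the SHA-256 of its SubjectPublicKeyInfo,
// so a different key under a look-alike subject name does not match.
func PublisherPin(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// VerifyPinned adds the missing step: a chain-valid signature is accepted only
// if the signer is one of the publishers we expected for this software.
func VerifyPinned(b SignedBinary, roots *x509.CertPool, pins map[string]bool) error {
	if err := VerifyChain(b, roots); err != nil {
		return err
	}
	if !pins[PublisherPin(b.Leaf)] {
		return fmt.Errorf("valid chain, but unexpected publisher %q", b.Leaf.Subject.CommonName)
	}
	return nil
}

// DemoResult holds the verdicts for the two installers built in Demo.
type DemoResult struct {
	VendorChain, WrapperChain   error // chain-only check: both nil
	VendorPinned, WrapperPinned error // pinned check: wrapper rejected
}

// Demo issues one root and two leaves (names are assumptions) and signs the
// same constructed payload with each; only the pinned publisher passes policy.
func Demo() DemoResult {
	root, rootKey := issueCert("Example Root CA", nil, nil)
	vendor, vendorKey := issueCert("Example Software GmbH", root, rootKey)
	wrapper, wrapperKey := issueCert("Download Wrapper LLC", root, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	pins := map[string]bool{PublisherPin(vendor): true}
	payload := []byte("MZ... constructed stand-in for an installer image")
	fromVendor := sign(payload, vendor, vendorKey)
	fromWrapper := sign(payload, wrapper, wrapperKey) // same bytes, other signer
	return DemoResult{
		VendorChain:   VerifyChain(fromVendor, roots),
		WrapperChain:  VerifyChain(fromWrapper, roots),
		VendorPinned:  VerifyPinned(fromVendor, roots, pins),
		WrapperPinned: VerifyPinned(fromWrapper, roots, pins),
	}
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	r := Demo()
	fmt.Println("chain-only: vendor:", r.VendorChain, "| wrapper:", r.WrapperChain)
	fmt.Println("pinned:     vendor:", r.VendorPinned, "| wrapper:", r.WrapperPinned)
}
```

Pinning on the SubjectPublicKeyInfo hash rather than on the subject string matters because any CA will issue a certificate to a company that can prove it exists, and a wrapper vendor can choose a name that looks like the publisher's; the key is the only thing the CA model actually binds.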
Microsoft Office Zero-Day Exploit Used to Steal Information
In November, McAfee Labs discovered a zero-day exploit targeting a vulnerability in the Word Open XML format; the vulnerability has since been patched. It was used in targeted attacks against high-profile organizations in the Middle East and Asia, including some in the Pakistani military.
Attackers used this exploit to try to steal sensitive data by locating and exfiltrating specific file types such as .pdf, .txt, .ppt, .doc, and .xls in the victim’s environment.
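One detection heuristic for the document-harvesting behaviour described above, as an added example written for this article rather than anything from the report: the log format, the sample lines and the thresholds are all constructed assumptions. The code flags any process that reads an unusual number of distinct files of the named types from several directories inside a sliding time window, which is what an in-memory exploit payload locating files for exfiltration tends to look like on a file-access audit trail.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Extensions the report names as the exploit's targets (lower-case).
var documentExts = map[string]bool{
	".pdf": true, ".txt": true, ".ppt": true, ".doc": true, ".xls": true,
}

// FileEvent is one file-read record. The format is an assumption for this
// example: "<RFC3339 time> pid=<n> image=<exe> path=<file>", one event per
// line, paths without spaces, lines already in time order.
type FileEvent struct {
	When             time.Time
	PID, Image, Path string
}

// SampleLog is constructed: pid 4120 sweeps documents from three directories
// in 20 s, pid 900 opens two files, pid 2210 reads only non-documents, and one
// line is malformed.
const SampleLog = `2013-11-12T09:14:00Z pid=4120 image=winword.exe path=C:\Users\ali\Documents\Q3-report.xls
2013-11-12T09:14:02Z pid=4120 image=winword.exe path=C:\Users\ali\Documents\budget.doc
2013-11-12T09:14:03Z pid=900 image=explorer.exe path=C:\Users\ali\Desktop\notes.txt
2013-11-12T09:14:05Z pid=4120 image=winword.exe path=C:\Users\ali\Desktop\plan.ppt
2013-11-12T09:14:06Z pid=2210 image=svchost.exe path=C:\Windows\System32\kernel32.dll
2013-11-12T09:14:08Z pid=4120 image=winword.exe path=C:\Users\ali\Desktop\contacts.txt
2013-11-12T09:14:09Z pid=2210 image=svchost.exe path=C:\Windows\System32\ntdll.dll
2013-11-12T09:14:12Z pid=4120 image=winword.exe path=C:\Shares\finance\invoices.pdf
this line is malformed and must be skipped
2013-11-12T09:14:15Z pid=4120 image=winword.exe path=C:\Shares\finance\payroll.xls
2013-11-12T09:14:18Z pid=900 image=explorer.exe path=C:\Users\ali\Desktop\todo.txt
2013-11-12T09:14:20Z pid=4120 image=winword.exe path=C:\Shares\finance\contracts.doc`

// field returns the value of a "key=value" token if the key matches.
func field(tok, key string) (string, bool) {
	k, v, ok := strings.Cut(tok, "=")
	return v, ok && k == key
}

func parseEvent(line string) (FileEvent, bool) {
	f := strings.Fields(line)
	if len(f) != 4 {
		return FileEvent{}, false
	}
	t, err := time.Parse(time.RFC3339, f[0])
	pid, ok1 := field(f[1], "pid")
	image, ok2 := field(f[2], "image")
	path, ok3 := field(f[3], "path")
	if err != nil || !(ok1 && ok2 && ok3) {
		return FileEvent{}, false
	}
	return FileEvent{When: t, PID: pid, Image: image, Path: path}, true
}

// splitPath returns the directory (with trailing separator) and the
// lower-cased extension, accepting Windows and POSIX separators on any host.
func splitPath(p string) (dir, ext string) {
	i := strings.LastIndexAny(p, `\/`)
	dir, name := p[:i+1], p[i+1:]
	if j := strings.LastIndexByte(name, '.'); j >= 0 {
		ext = strings.ToLower(name[j:])
	}
	return dir, ext
}

// Alert reports a process that read at least minFiles distinct documents from
// at least minDirs directories within one window.
type Alert struct {
	PID, Image  string
	Files, Dirs int
	First, Last time.Time
}

// DetectDocumentSweep runs the heuristic over the log. window, minFiles and
// minDirs are tuning assumptions, not figures from the report. The window
// ends at each new event, so a slower sweep is still caught once enough of
// its reads fall inside any single window.
func DetectDocumentSweep(log string, window time.Duration, minFiles, minDirs int) []Alert {
	type key struct{ pid, image string }
	recent := map[key][]FileEvent{}
	alerted := map[key]bool{}
	var alerts []Alert
	for _, line := range strings.Split(log, "\n") {
		ev, ok := parseEvent(line)
		if !ok {
			continue
		}
		if _, ext := splitPath(ev.Path); !documentExts[ext] {
			continue
		}
		k := key{ev.PID, ev.Image}
		evs := append(recent[k], ev)
		for len(evs) > 0 && ev.When.Sub(evs[0].When) > window { // expire old reads
			evs = evs[1:]
		}
		recent[k] = evs
		if alerted[k] {
			continue
		}
		files, dirs := map[string]bool{}, map[string]bool{}
		for _, e := range evs {
			d, _ := splitPath(e.Path)
			files[e.Path], dirs[d] = true, true
		}
		if len(files) >= minFiles && len(dirs) >= minDirs {
			alerted[k] = true
			alerts = append(alerts, Alert{PID: k.pid, Image: k.image, Files: len(files),
				Dirs: len(dirs), First: evs[0].When, Last: ev.When})
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectDocumentSweep(SampleLog, time.Minute, 5, 2) {
		fmt.Printf("ALERT pid=%s image=%s: %d documents in %d directories between %s and %s\n",
			a.PID, a.Image, a.Files, a.Dirs, a.First.Format("15:04:05"), a.Last.Format("15:04:05"))
	}
}
```

Keying on process and image rather than on the user keeps a legitimate bulk operation (indexers, backup agents) separable by allowlisting the image; the thresholds are deliberately low here so the constructed sample trips them, and would be raised against a real baseline.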
Distinguishing “Overcollecting” Mobile Apps and Malware
With so many mobile apps collecting both user data and device telemetry, it is often hard to distinguish malware from legitimate apps whose tracking is benign. For instance, 82 percent of all mobile apps track when you use Wi-Fi and data networks, when you turn on your device, or your current and last location; 80 percent collect location information; and 57 percent track when the phone is used.
Attack vectors for mobile malware typically include app downloads, visits to malicious websites, spam, malicious SMS messages, and malware-bearing ads. Once installed, the malware will typically siphon off user data, install additional malware, or hijack the device into a botnet.
McAfee Labs also notes that these compromised devices have profound business security implications given that many corporations are allowing individuals to bring their own devices to work and connect to their networks.
In the fourth quarter of 2013, McAfee Labs’ malware “zoo”, where it keeps unique malware samples, grew by 15 percent, to more than 196 million. Meanwhile, the number and variety of attacks in the wild seem to be growing.