New ransomware samples rose a staggering 165% in the first three months of this year, while Adobe Flash malware soared 317% from Q4 2014, according to the latest threat report from McAfee.
The security giant’s McAfee Labs Threats Report for Q1 2015 attributed much of the rise in ransomware to the prolific but hard-to-detect CTB-Locker family, as well as to the newcomer TeslaCrypt and new versions of CryptoWall, TorrentLocker and BandarChor.
CTB-Locker’s command-and-control (C&C) servers are hosted on the Tor network, which makes them very hard to locate and take down. The malware also uses “evasive techniques” to bypass security software, the report claimed.
It added:
“Second, the phishing emails used in CTB-Locker campaigns are more “believable” than in other ransomware campaigns. For example, the malware uses local businesses and location-relevant filenames. Finally, the presence of an affiliate program has allowed CTB-Locker to very quickly flood the market with phishing campaigns before systems have been updated with security software that can detect and contain the attacks.”
It wasn’t just ransomware causing problems in Q1 this year. Adobe Flash malware spiked as 42 new Flash vulnerabilities were disclosed during the quarter and attackers exploited the gap between disclosure and patching, targeting users who were slow to update.
A final noteworthy trend of the first three months of the year relates to the infamous Equation Group.
It had been thought that the sophisticated APT group was only reprogramming the firmware of hard disk drives (HDDs), but McAfee claims it has also been targeting solid-state drives (SSDs) in what it describes as extremely dangerous software-hardware threats.
Once the drive’s firmware has been reprogrammed, it can apparently reintroduce the malware every time the system boots. Because the malicious code lives in the drive controller’s firmware rather than in the data area the operating system sees, it persists even if the drive is reformatted or the OS is reinstalled, and security software running inside the OS is said to be unable to detect it.
“We have closely monitored both academic proofs of concept and in-the-wild cases of malware with firmware or BIOS manipulation capabilities, and these Equation Group firmware attacks rank as some of the most sophisticated threats of their kind,” said Vincent Weafer, senior vice president of McAfee Labs.
“While such malware has historically been deployed for highly targeted attacks, enterprises should prepare themselves for the seemingly inevitable ‘off-the-shelf’ incarnations of such threats in the future.”