Security report highlights surge in ransomware, flash exploits, firmware attacks

By  | 

In its latest threat report, Intel’s McAfee Labs has reported a surge in ransomware, flash exploits, with a special mention of an undetectable firmware attack that is capable of reprogramming hard disk drives and solid state drive firmware.

McAfee Labs note in its report for May 2015 that there has been a 317 per cent increase in malware that target vulnerabilities in Adobe Flash. The security company attributes the rise in Flash exploits to the steady increase in the number of Flash vulnerabilities; user and enterprise delay in the application of software patches for those vulnerabilities; new, creative methods to exploit them; a steep increase in the number of mobile devices that can play Flash .swf files; and the difficulty of detecting Flash exploits.

In the first quarter, 42 new Flash CVEs were added to the database, an increase of 50 per cent from the 28 Flash vulnerabilities found in the fourth quarter of 2014. In fact, there has been a steady increase in the number of Flash vulnerabilities since the beginning of 2014 notes McAfee. The most recent period has seen the highest number of vulnerabilities ever reported in a quarter.

Flash exploits began to increase dramatically beginning in the last quarter of 2014. Flash vulnerabilities are now among the main targets of exploit authors.

Among the exploit kits delivering Flash exploits, Angler has become the most popular. This powerful kit, discussed in depth in the McAfee Labs Threat Report: February 2015, is an off-the-shelf, easy-to-use toolkit that can deliver a wide variety of payloads through the exploitation of vulnerabilities.

The report also talks about surge in ransomware attacks driven by CTB-Locker, Teslacrypt, and new versions of CryptoWall, TorrentLocker, and BandarChor. McAfee dubs CTB-Locker has using “clever techniques” for evading security software; and attributes its success to higher-quality phishing emails and “affiliate” program that can easily dupe users into making ransom payments.

The report makes a special mention of a rare but extremely sophisticated attack campaign. The “Equation Group,” named for their affinity for complex encryption schemes, is thought to be behind the attacks. The most alarming discovery is that the Equation Group’s malware includes hard disk drive and solid state drive reprogramming modules. Once reprogrammed, a compromised system remains infected even if the hard drive is reformatted or the operating system is reinstalled. Further, the reprogrammed firmware and associated malware are undetectable by security software. This marks the first time in a Threats Report that McAfee Labs has examined a firmware-based attack.