The McAfee Labs Threat Report for Q3 2014 is out.  (McAfee is part of Intel Security)  As one of my longstanding benchmarks to track malware growth and velocity, this issue does not disappoint. 

Here are my Top 5 most interesting metrics, every security professional should be thinking about.

  1. Signing Malware continues to skyrocket as a practice by attackers, more than doubling to 40 million samples, a growth of over 1000% in two years!
    McAfee Q3 2014 - Signed Binaries.jpgSigning malware with legitimate and trusted certificates is a great tactic for attackers to get their harmful files past network filters and security controls to be installed by unaware users.  We will see this trend continue, because it works.  In fact, I predict a more mature market to emerge for selling and using stolen credentials by hacking communities and darknet enterprises.  Be careful who you trust. 
    “Trust is the currency of security, without it we are bankrupt.”
  2. New Malware is created at a rate of over 5 per second, 307 per minute
    McAfee Q3 2014 - New Malware.jpgThe relentless onslaught of malware production continues to grow at a tremendous pace.  Can attackers sustain this insane growth rate?  Yes.  Malware is easy to create, customize, and deploy.  More advanced and well-funded attackers have the ability to produce more complex malicious software to compromise systems and environments.  Take all necessary precautions and expect this trend to persist.  Rely on security products, services, architectures, vendors ,and employees who can keep pace with the attackers.
  3. Total Malware in existence exceeds 300 million, growing 76% over the past year
    McAfee Q3 2014 - Total Malware.jpgThe malware zoo grows every year and now exceeds 300 million distinct samples.  It is mind boggling that we must be protected against each of these critters.  The electronic world is truly a hazardous place.  For organizations, establishing a comprehensive layered set of defenses, starting at the perimeter, supported within the network, reinforced with specialized communication protections (web, email, IM, etc.), embedded on client devices, and with good judgment of users, is the only way to survive the onslaught over time. 
  4. Mobile malware jumps 112% from last year
    McAfee Q3 2014 - Mobile Malware.jpgRisks of malware on our mobile devices continue on a steady rise.  Not a sexy news grabbing story, but how long can we ignore these growing threats to our most used computing device? 
  5. Denial of Service still the king of network attacks
    McAfee Q3 2014 - Top Network Attacks.jpgDenial of Service attacks are still most prevalent but aren’t necessarily the most impactful.  As attackers leverage other tools and methods to achieve their objectives, the mix will shift and DOS attacks will wane.  Will you and your organization be ready as attacks change to more effective ways to cause harm?  Security is an ongoing endeavor and planning for the future is a requirement for sustaining a strong posture.  Past successes won’t stop attackers in the future.  As Sun Tsu said over 2 thousand years ago, persistence is not important in combat, only victory.  Think ahead and prepare for how the threats will evolve.  It is your move.

 

Twitter: @Matt_Rosenquist

IT Peer Network: My Previous Posts

LinkedIn: http://linkedin.com/in/matthewrosenquist

My Blog: Information Security Strategy