McAfee Labs Threats Report Takes Another Step Forward

In September, we invited readers of the McAfee Labs Threats Report to complete a short survey and let us know what they think about the report. Here’s what we learned.

Readers are most interested in learning about the most significant threats and how to defend against them. Most also want to know what threats are just over the horizon.

Blog why read

One-quarter of our audience reads all reports; three-quarters read most reports. And half found the report more valuable than other threats reports. That’s great to hear!

But by far the most significant lesson is that two-thirds of readers asked us to provide more recommendations about how to defend against specific threats. That feedback objectively confirms what Bradon Rogers, Senior VP of Product & Solutions Marketing, hears from customers.

With that in mind, starting with the McAfee Labs Threats Report: November 2014, published today, we will also publish threats report “solution briefs” corresponding to the Key Topics covered in each report. Rogers discusses the two November Threats Report solution briefs in his blog.

***

In the November Threats Report, we detail the far-reaching BERserk vulnerability, explore the various forms of trust abuse, provide our usual host of threats statistics, and offer a set of threats predictions for 2015.

Blog cover image

Here’s an overview of each Key Topic:

Going BERserk: trusted connectivity takes a big hit

In September, Intel Security released details of a far-reaching vulnerability dubbed BERserk, in a nod to the underlying code that forms the source of the vulnerability. BERserk’s full impact is not yet known, but it is very significant. BERserk takes advantage of a flaw in RSA’s signature-verification software, opening the door to cybercriminals to establish man-in-the-middle attacks without users knowledge. Establishing trust when accessing a website usually starts with “https” at the beginning of a URL coupled with a friendly padlock to seal the deal. BERserk compromises that link, allowing bad guys to watch and do anything they want with the flow of information between the user and the website.

Abuse of trust: exploiting online security’s weak link

The weakest links in most security setups are users. We rely on devices for most of our information and trust that they provide accurate data in a secure manner. Attackers often zero in on the trust we place in our devices, using it against us to steal information. This topic explores trust abuse, highlighting through recent examples the many ways in which cybercriminals take advantage of our trust relationships. McAfee Labs believes that trust in many forms of online interaction will go the way of email, which inspires limited confidence in its authenticity.

Here are a few of the most interesting threats predictions for 2015:

Cyber Espionage

Cyber espionage attacks will continue to increase in frequency. Long-term players will become stealthier information gatherers while newcomers will look for ways to steal money and disrupt their adversaries.

Internet of Things

Attacks on the Internet of Things devices will increase rapidly due to hypergrowth in the number of connected objects, poor security hygiene, and the high value of data on those devices.

Malware beyond Windows

Non-Windows malware attacks will explode, fueled by the Shellshock vulnerability.

Ransomware

Ransomware will evolve its methods of propagation, encryption, and the targets it seeks. More mobile devices will suffer attacks.

Mobile

Mobile attacks will continue to grow rapidly as new mobile technologies expand the attack surface and little is done to stop app store abuse.

We encourage you to take a look at the November Threats Report. And because we learned so much from the reader survey in our August report, we invite you to share your thoughts about the November report.

Thank you for your readership. We look forward to your feedback.

The post McAfee Labs Threats Report Takes Another Step Forward appeared first on McAfee.