GPU malware could be the next phase of evolution for Cybercrime: McAfee report
- 02 September, 2015 10:03
Malware for graphics cards, exfiltration techniques and a five-year retrospective of the Cyber-crime scene form the focus of the latest McAfee Labs Threats Report: August 2015, from Intel Security.
The vendor is celebrating five years since the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats.
Intel said key researchers and executives had reviewed predictions on the security capabilities of silicon, the challenges of emerging hard-to-detect attacks, and McAfee’s 2010 expectations for new device types versus the reality of the marketplace.
The vendor said its five-year threat landscape analysis suggests:
- It foresaw threats targeting hardware and firmware components and threatening runtime integrity.
- Increasingly evasive malware and long-running attacks did not surprise Intel Security, but some of the specific tactics and techniques were unimagined five years ago.
- Although the volume of mobile devices has increased even faster than it expected, serious broad-based attacks on those devices had grown much more slowly than the security team anticipated.
- The industry is seeing just the beginnings of attacks and breaches against IoT devices
- Cloud adoption changed the nature of some attacks, as devices are attacked not for the small amount of data that they store, but as a path to where the important data resides.
- Cyber-crime has grown into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
- Businesses and consumers still don’t pay pay attention to updates, patches, password security, security alerts, default configurations, and other easy but critical ways to secure cyber and physical assets.
- The discovery and exploitation of core Internet vulnerabilities has demonstrated how some foundational technologies are under funded and understaffed.
- There is growing, positive collaboration between the security industry, academia, law enforcement, and governments to take down cyber-criminal operations.
Intel Security’s McAfee Labs senior vice president, Vincent Weafer, said the security vendor was impressed by the degree to which expanding attack surfaces, the industrialisation of hacking, and the complexity and fragmentation of the IT security market had accelerated the evolution of threats, and size and frequency of attacks.
“To keep pace with such momentum, the cyber-security community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfil their role to protect citizens in cyberspace,” he said.
The report also probed into details of three proofs-of-concept (PoC) for malware exploiting GPUs in attacks. While nearly all malware is designed to run from main system memory on the central processing unit (CPU), the PoC leverage the efficiencies of these specialised hardware components designed to accelerate the creation of images for output to a display.
McAfee Labs said the scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defences by running code and storing data where traditional defences do not normally watch for malicious code.
Reviewing the PoC, Intel Security agrees that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defences. However, researchers argue that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.
The report also detailed techniques Cyber-criminals use to exfiltrate a wide variety of information on individuals from corporate networks such as: names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences.
In addition to tactics and techniques used by attackers, the analysis examined attacker types, motivations and likely targets, as well as policies businesses should embrace to better detect exfiltration.
The August 2015 report also identified a number of other developments in the second quarter of 2015:
- Ransomware: Ransomware continues to grow very rapidly – with the number of new ransomware samples rising 58 per cent in Q2. The total number of ransomware samples grew 127 per cent from Q2 2014 to Q2 2015. Intel Security attributed the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others
- Mobile slump: The total number of mobile malware samples grew 17 per cent in Q2, but mobile malware infection rates declined about 1 per cent per region this quarter. Exceptions were North America, which dropped almost 4 per cent, and Africa, which remained unchanged.
- Spam botnets: The trend of decreasing botnet-generated spam volume continued through Q2, as the Kelihos botnet remained inactive. Slenfbot again claims the top rank, followed closely by Gamut, with Cutwail rounding out the top three.
- Suspect URLs: The company said that every hour in Q2, more than 6.7 million attempts were made to entice its customers into connecting to risky URLs via emails, browser searches and other methods.
- Infected files: The research also found that every hour in Q2 more than 19.2 million infected files were exposed to McAfee customers’ networks.