According to McAfee Labs Threats Report from March 2016, new ransomware increased its growth rate with a 26% quarter-over-quarter compared to Q4 2015.
The latest survey shows that the open-source ransomware code and ransomware-as-a-service continue to make it simpler to launch attacks, the Teslacrypt and CryptoWall 3 campaigns keep extending their reach, and the ransomware campaigns are still financially lucrative.
According to the threat report, the fourth quarter of 2015 pointed a 72% quarter-over-quarter increase in new mobile malware samples, as malware creators have produced new malware faster.
The survey also showed that the number of new malicious signed binaries has dropped each quarter for the past year, in Q4 2015 reaching the lowest level since Q2 2013. According to the experts, the decline can be attributed in part to some older certificates with significant presence in the dark market which are either expiring or being revoked as businesses migrate to stronger hashing functions.
In addition, the Threats Report from March 2016 assesses the attitudes of 500 cybersecurity professionals toward cyber threat intelligence (CTI) sharing, examines the inner workings of the Adwind* remote administration tool (RAT), and details surges in ransomware, mobile malware, and overall malware in Q4 2015.
Out of the 42% of respondents who report using shared threat intelligence, 97% believe that it enables them providing better protection for their company. 59% of the participating respondents find such sharing to be “very valuable” to their organizations, while 38% find sharing to be “somewhat valuable.”
About unanimous 91% of respondents voice interest in industry-specific cyber threat intelligence, with 54% responding “very interested” and 37% responding “somewhat interested.” Financial services and critical infrastructure services stand to benefit most from such industry-specific CTI given the highly specialized nature of threats in these two mission-critical industries.
63% of respondents claim that they may be willing to go beyond just receiving shared CTI to contributing their own data, as long as it can be shared within a secure and private platform. Nevertheless, the idea of sharing their own information is met with varying degrees of enthusiasm, with 24% responding they are “very likely” to share while 39 percent are “somewhat likely” to share.
Respondents say behavior of malware (72%), followed by URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%).
54% of respondents identify corporate policy as the reason, followed by industry regulations (24%).
The other respondents whose organizations do not share data report being interested but need more information (24%), or are concerned shared data would be linked back to their firms or themselves as individuals (21%).
According to the-above mentioned statistics, there is a lack of experience with, or knowledge of, the varieties of CTI integration options available to the industry, accompanied by a lack of understanding of the legal implications of sharing CTI.