McAfee recently published its McAfee Threat Report: Second Quarter 2010 revealing a variety of interesting and relevant details about the current state of the malware threat. The McAfee report contains cause for concern and demonstrates why it's more important than ever that organizations not let their computer and network security guard down.
The report finds that the volume of spam has leveled off--remaining relatively stagnant, but that the first six months of 2010 represent the most active half-year ever for malware. Attackers are targeting USB drives and other portable storage devices, and social networking services, and they are increasingly skilled at camouflaging attacks behind stories ripped from the headlines to draw the most attention from gullible users.
"Our latest threat report depicts that malware has been on a steady incline in the first half of 2010," said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee in a McAfee press release. "It's also obvious that cybercriminals are becoming more in tune with what the general public is passionate about from a technology perspective and using it to lure unsuspecting victims. These findings indicate that not only should cybercrime education be more widespread, but that security organizations should move from a reactive to a predictive security strategy."
To aid IT admins and information security professionals embrace "offensive security", McAfee dedicated the latest issue of the McAfee Security Journal to addressing the concept. McAfee sees the writing on the wall, and it is issuing a call to arms for the security industry to get proactive rather than playing the victim.
"Cybercriminals prosper because they have very little reason to fear the consequences," said Jeff Green, senior vice president of McAfee Labs. "As security experts, it's time to take a hard look at what we do, how we do it, and what our ultimate goals are. The tools and techniques of cybercrime continue to grow in number and sophistication at alarming rates. Every time we release a new statistic about the rise in malware it points to our failure as an industry."
The McAfee Security Journal contains prescriptive guidance directing organizations to use common hacker techniques to test their own software and Web sites before the bad guys do. McAfee also urges security professionals to cooperate more--sharing relevant information and working together to take down major security threats.
"As we look at the evolution of risky domains and Web sites over multiple years, we can't avoid the conclusion that the risk keeps increasing in both volume and sophistication," said David Marcus, director of security research and communications for McAfee Labs. "If we want to stop being victims, then the good guys need to advance security efforts as threats evolve."
Malware developers are adept at exploiting emerging technologies and staying one step ahead of attempts to thwart them. The reactive model of scanning based on malware signatures is out of date and ready to collapse under the weight of the sheer volume of malware threats. It's time for a new strategy, and McAfee seems to have the right idea.