McAfee today revealed its McAfee Threat Report for the third quarter of 2010. Information like that provided by McAfee in these quarterly reports is valuable for IT admins--enabling them to keep a finger on the pulse of malware, and to stay in touch with emerging attack techniques and trends.
With the holiday shopping season upon us, cyber criminals will be pulling out all the stops and shifting into high gear to capitalize on the spike in online transactions and part naïve or gullible users from both their personal information and their money. Businesses and consumers both need to be on high alert and take a more proactive stance to guard against attacks.
A McAfee press release about the McAfee Threat Report states, "average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007," adding, "At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar."
McAfee warns that, "Most recently, cybercriminals unleashed a Zeus botnet that is aimed at mobile devices and designed to intercept SMS messages to validate transactions. As a result, the criminal can perform all bank transactions, stealing funds from unsuspecting victims. McAfee also saw an increase in email campaigns attempting to deliver the Zeus botnet, under the disguise of the following recognized organization names: eFAX, FedEx, Internal Revenue Service, Social Security Administration, United States Postal Service and Western Union."
This report looks in-depth at the Stuxnet worm, which appears to have been crafted specifically to target the nuclear facility capabilities of Iran. More relevant to most IT admins, though, are the findings and analysis of social engineering attacks, and the potential risks associated with social networking.
"Our Q3 Threat report shows that cyber criminals are not only becoming more savvy, but attacks are becoming increasingly more severe," said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee. "Cyber criminals are doing their homework, and are aware of what's popular, and what's insecure. They are attacking mobile devices and social networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance."
As a security vendor, it could be argued that McAfee has a vested interest in alarming IT managers and the general public regarding computer security issues. It would be a sort of self-serving, and self-fulfilling prophecy to create a panic that drives sales of computer and network security tools.
I have never bought into the conspiracy theory that security vendors incite fear to boost sales. It would be a thinly-veiled con, and the short term gain would damage the reputation of the vendor and lead to irreparable long term harm.
McAfee has nothing to gain--at least not long term--from "crying wolf". The other way of looking at reports such as this is that McAfee--by virtue of being a major security vendor with an army of security researchers and customers scattered around the globe--is in a unique position to collect and study relevant data in order to provide expert analysis to identify trends and work more proactively to develop more effective security measures.