Intel Security released its McAfee Labs Threats Report: August 2015, which includes a critique of graphics processing unit (GPU) malware claims, an investigation of the top cybercriminal exfiltration techniques, and a five-year retrospective on the evolution of the threat landscape since Intel Corporation’s announcement of the McAfee acquisition.
McAfee Labs commemorates the five-year anniversary of the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats. Key researchers and executives reviewed our predictions on the security capabilities of silicon, the challenges of emerging hard-to-detect attacks, and our 2010 expectations for new device types versus the reality of the marketplace.
“We were impressed by the degree to which three key factors – expanding attack surfaces, the industrialization of hacking, and the complexity and fragmentation of the IT security market – accelerated the evolution of threats, and size and frequency of attacks,” said Vincent Weafer, senior vice president, Intel Security’s McAfee Labs. “To keep pace with such momentum, the cybersecurity community must continue to improve threat intelligence sharing, recruit more security professionals, accelerate security technology innovation, and continue to engage governments so they can fulfill their role to protect citizens in cyberspace.”
The August report also probes into the details of three proofs-of-concept (PoC) for malware exploiting GPUs in attacks. While nearly all of today’s malware is designed to run from main system memory on the central processing unit (CPU), these PoCs leverage the efficiencies of these specialized hardware components designed to accelerate the creation of images for output to a display. The scenarios suggest hackers will attempt to leverage GPUs for their raw processing power, using them to evade traditional malware defenses by running code and storing data where traditional defenses do not normally watch for malicious code.
Reviewing the PoCs, Intel Security agrees that moving portions of malicious code off of the CPU and host memory reduces the detection surface for host-based defenses. However, researchers argue that, at a minimum, trace elements of malicious activity remain in memory or CPUs, allowing endpoint security products to detect and remediate threats.
McAfee Labs also details techniques cybercriminals use to exfiltrate a wide variety of information on individuals from corporate networks: names, dates of birth, addresses, phone numbers, social security numbers, credit and debit card numbers, health care information, account credentials, and even sexual preferences. In addition to tactics and techniques used by attackers, this analysis examines attacker types, their motivations, and their likely targets, as well as the policies businesses should embrace to better detect exfiltration.