Prevalent threat intelligence challenges include dealing with the volume and quality of data being collected
McAfee Labs’ threat report for April 2017 has laid bare the threat intelligence challenges facing businesses, with 176 new cyber threats discovered every minute throughout Q4 2016.
It also delved into the inner workings of Mirai botnets, assessed reported attacks across different industries and revealed growth trends of some of today’s most prevalent cyber threats, such as malware and ransomware.
“The security industry faces critical challenges in our efforts to share threat intelligence between entities, among vendor solutions, and even within vendor portfolios,” said Vincent Weafer, vice president of McAfee Labs.
“Working together is power. Addressing these challenges will determine the effectiveness of cybersecurity teams to automate detection and orchestrate responses, and ultimately tip the cybersecurity balance in favour of defenders.”
The sharing of threat data and intelligence is one of the hottest topics in cyber security at the moment, as organisations have realised that the problem is simply too great for any one company to tackle alone.
But the challenges are building. The volume of security alerts is making it harder to act on the highest-priority incidents, and attackers are frequently sending false threat reports to mislead intelligence systems.
Businesses are also struggling to respond to alerts in real time, and the failure to identify relevant patterns and key data points in threat data is making it impossible to turn data into intelligence that can inform and direct security operations teams.
These issues are highlighted in McAfee’s cyber attack data. For example, the total number of ransomware samples detected in 2016 grew by 88 percent. In comparison, the overall malware count increased by 24 percent to 638 million samples and mobile malware grew by 99 percent.
In Q4 specifically, the number of new malware and ransomware samples decreased by 17 percent and 71 percent respectively.
The prevalence of Mac OS malware, although still small compared to Windows threats, significantly increased, growing by 245 percent in Q4 and 744 percent across the whole of 2016.
In terms of specific industries, the public sector experienced the greatest number of security incidents by far – possibly due to the introduction of stricter requirements for incident reporting – with the banking and gaming sectors also showing an increased number of attacks.
The Mirai botnet also had an extremely busy 2016, being responsible for the highly publicised distributed denial of service (DDoS) attack on DNS provider Dyn.
McAfee estimates that the botnet managed to infect 2.5 million connected devices by the end of Q4 2016, with around five IoT device IP addresses added to Mirai botnets each minute at that time.