Intel Security has recently released its McAfee Labs Threats Report: December 2016, which provides insights into how enterprises are using security operations centres (SOCs).
The report also details key 2016 developments in ransomware and illustrates how attackers are creating difficult-to-detect malware by infecting legitimate code with Trojans and leveraging that code's legitimacy to remain hidden for as long as possible. The December report further covers the growth of ransomware, mobile malware, macro malware, Mac OS malware, and other threats in Q3 2016.
“One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives,” said Vincent Weafer, Vice President of Intel Security’s McAfee Labs. “The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox aware, the need to conceal malicious activity is driving a trend toward ‘Trojanizing’ legitimate applications. Such developments place an ever greater workload on an organization’s SOC—where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress.”
In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future. Interviews with nearly 400 security practitioners across several geographies, industries, and company sizes yielded valuable information on the state of the SOC in 2016.
According to the report, organizations are on average unable to sufficiently investigate 25 percent of their security alerts, with no significant variation by country or company size. Most respondents acknowledged being overwhelmed by security alerts, and as many as 93 percent are unable to triage all potential threats. Furthermore, 67 percent of respondents reported an increase in security incidents.
Survey respondents said that the highest priority for SOC growth and investment is to improve the ability to respond to confirmed attacks, which includes the ability to coordinate, remediate, eradicate, learn, and prevent recurrences.
In the third quarter of 2016, McAfee Labs' Global Threat Intelligence network registered notable surges in ransomware, mobile malware, and macro malware. The count of total ransomware grew by 18 percent in Q3 2016 and by 80 percent since the beginning of the year. The number of new unique malware samples dropped 21 percent in Q3. The report also revealed more than two million new mobile malware threats in Q3. Mobile malware infection rates in Africa and Asia each dropped by 1.5 percent, while Australia's rose by 2 percent in Q3.