The number of new ransomware samples continues to drop, but rootkits may be coming back
For several years the number of new Windows rootkits has been dropping for a variety of reasons, including the added protection in 64-bit processors and operating systems.
But a new report from McAfee Inc. says it has detected an increase in rootkits, although they were built around a single 32-bit family.
Nevertheless, it concludes that attackers have learned how to hijack root-level digital certificates, exploit existing kernel vulnerabilities, and find ways around 64-bit security safeguards. “We believe new 64-bit bypass techniques will soon lead to an increase in rootkit-based attacks,” the report says.
That’s one of the conclusions in the quarterly report issued Tuesday on recent cyberthreat trends.
Not unexpectedly, one section echoes a trend other security researchers have spotted: mobile malware continues to rise. McAfee argues this means it isn’t enough for mobile operating system creators to increase platform protection; mobile app developers have to do a better job protecting their apps, it says. At the same time, mobile users have to shoulder more responsibility by being more careful when granting apps permission to access their data.
App stores also have to get tougher, the report adds, ensuring that all data access comes only from authenticated and authorized client apps.
McAfee says it has found a suspicious Android app, dubbed Android/BadInst.A, on the Google Play store that automatically downloads, installs and launches other apps without the user permission that is usually required when manually installing apps from the store. The communications protocol used between the Google Play server and the service app on mobile devices isn’t documented, McAfee notes; it suspects the developer reverse-engineered the protocol. The authorization tokens obtained this way can be used for Google services other than Google Play, so such malware could easily lead to leaks of user information and to impersonation, McAfee concludes.
Another Android app is a Trojan that disguises itself as an update for Adobe Flash Player or another legitimate utility app and exploits a security flaw in a digital wallet to steal money. There’s also a Trojan that exploits a weakness in the encryption method of the messaging app WhatsApp. The vulnerability has since been fixed.
One puzzling trend is that the number of new ransomware samples dropped for the third straight quarter. Good news? Probably not. Like the pattern seen in rootkits, exploits rise and fall. Expect the same here.