The most alarming discovery by Intel / Mcafee researchers is that the Equation Group?s malware includes hard disk drive and solid state drive reprogramming modules. Once reprogrammed, a compromised system remains infected even if the hard drive is reformatted or the operating system is reinstalled. Further, the reprogrammed firmware and associated malware are undetectable by security software.
The new McAfee Labs Threats Report: May 2015 also focuses on two familiar faces-ransomware and Adobe Flash exploits-because McAfee Labs saw massive increases in new samples this quarter from both types of threat.
For ransomware, much of its growth is attributed to a new, hard-to-detect ransomware family-CTB-Locker-and its use of an "affiliate" program to quickly flood the market with phishing campaigns, leading to CTB-Locker infections. With the newly discovered Tox malware, an off-the-shelf application that lets users build their own ransomware, Intel Security researchers expect ransomware to continue its "meteoric rise."
McAfee Labs Threats Report for May found that ransomware surged 165 percent in the first quarter, rebounding from a slight dip earlier in 2014 when police agencies worldwide staged a coordinated crackdown to knock out a major ransomware network.
McAfee Labs also attributes the rise in Flash exploits to the steady increase in the number of Flash vulnerabilities; user and enterprise delay in the application of software patches for those vulnerabilities; new, creative methods to exploit them; a steep increase in the number of mobile devices that can play Flash .swf files; and the difficulty of detecting Flash exploits.
Adobe Flash malware grew 317 percent in the first quarter. Intel Security spotted 200,000 samples of Flash malware among its customer base of hundreds of millions of phone and computer users worldwide.