McAfee Labs on malware: They can rebuild them — better, stronger, faster


McAfee Labs found 176 new cyber threats per minute in the fourth quarter of 2016, almost three per second, according to the security software company’s April 2017 threats report. 

The public sector experienced the greatest number of reported incidents, with the software development and banking sectors also seeing a jump.

As prolific as ransomware was in 2016, growing by 88 percent, mobile malware had it beat, growing at 99 percent. Malware growth slowed by 17 percent in Q4, but reached 638 million samples in total over the year.

While still a small sample compared to events recorded in the Windows ecosystem, new Mac OS malware grew 744 percent in 2016. More troubling was the proliferation of the Mirai botnet, which hijacked Internet of Things devices at a rate of five each minute, allowing for massive, complex denial-of-service attacks.

Attackers are becoming increasingly proficient at evading discrete defense systems and infiltrating siloed systems, so the report looks at how capturing rich data, drawing relationships between structural elements of incidents, and establishing near-real-time sharing of patterns and key data points can help cut through the signal-to-noise problem as defenders triage the barrage of attacks.

In light of these statistics, one of the quarterly report’s key topics is that threat intelligence sharing is invaluable for reducing attackers’ advantages and combating high-priority threats, but hurdles still exist.

“The security industry faces critical challenges in our efforts to share threat intelligence between entities, among vendor solutions, and even within vendor portfolios,” said Vincent Weafer, vice president of McAfee Labs, in a news release. “Working together is power. Addressing these challenges will determine the effectiveness of cybersecurity teams to automate detection and orchestrate responses, and ultimately tip the cybersecurity balance in favor of defenders.”

In McAfee’s opinion, legal frameworks and data standards for interoperability need to be updated, sharing should become more automated and sharing organizations should be established to simplify event triage, the understanding of breach indicators and the establishment of an enhanced environment for security practitioners.

The entire report can be found on