A McAfee Labs November 2014 Threats Report details a third quarter filled with cyber events exploiting long-established Internet trust standards, and forecasts a 2015 threat landscape shaped by more attacks exploiting these standards, new attack surfaces in mobile and Internet of Things (IoT), and increasingly sophisticated cyber espionage capabilities. In the third quarter, McAfee Labs detected more than 307 new threats every minute, or more than five every second, with mobile malware samples growing by 16 percent during the quarter, and overall malware surging by 76 percent year over year. The researchers also identified new attempts to take advantage of Internet trust models, including secure socket layer (SSL) vulnerabilities such as Heartbleed and BERserk, and the continued abuse of digital signatures to disguise malware as legitimate code.

In 2015, McAfee Labs predicts malicious parties will seek to extend their ability to avoid detection over long periods, with non-state actors increasingly adopting cyber espionage capabilities for monitoring and collecting valuable data over extended targeted attack campaigns. The researchers predict more aggressive efforts to identify application, operating system, and network vulnerabilities, and an increasing focus on the limitations of sandboxing technologies as hackers attempt to evade application- and hypervisor-based detection.

"The year 2014 will be remembered as 'the Year of Shaken Trust,'" said Vincent Weafer, Senior Vice President, McAfee Labs, part of Intel Security. "This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner. Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data. Ultimately, we need to get to a security model that’s built-in by design, seamlessly integrated into every device at every layer of the compute stack."

The McAfee Labs Threats Report: November 2014 is available here.