Rp Threat Predictions 2012


  • 8/3/2019 Rp Threat Predictions 2012

    1/12

    Report

    By McAfee Labs

    2012 Threats Predictions


Table of Contents

Industrial Threats 3
The Threat Within: Embedded Hardware 4
Hacktivism 4
Virtual Currency 5
Cyberwar 6
DNSSEC 7
Spam Goes Legit 8
Mobile Threats 9
Botnets + rootkits = low-level trouble 9
Mobile banking attacks 9
Rogue Certificates 10
Advances in Operating Systems 10
About the Authors 11
About McAfee Labs 11
About McAfee 11


Predicting future threats can be a hit-or-miss exercise for a security research organization. Certainly it is interesting to put on our wizard hats and prognosticate about what may happen in the coming months, but how much do threats really change each year? The past 12 months were a transformative year in many ways, but were these transformations revolutionary or evolutionary? We saw great changes in mobile threats, hacktivism, client-side exploitation, social-media exploitation, and targeted attacks. Many of these changes and trends will continue to influence the threats landscape for years to come.

What changes to threats does McAfee Labs expect in the coming year? We foresee several new scenarios as well as some significant evolutions in even the most established threat vectors:

• Industrial threats will mature and segment
• Embedded hardware attacks will widen and deepen
• Hacktivism and Anonymous will reboot and evolve
• Virtual currency systems will experience broader and more frequent attacks
• This will be the Year for (not of) Cyberwar
• DNSSEC will drive new network threat vectors
• Traditional spam will go legit, while spearphishing will evolve into the targeted messaging attack
• Mobile botnets and rootkits will mature and converge
• Rogue certificates and rogue certificate authorities will undermine users' confidence
• Advances in operating systems and security will drive next-generation botnets and rootkits

The stage is set, so let's move on to the specifics!

Industrial Threats

Threats to industrial and national infrastructure networks have recently garnered a lot of attention, and there is a very good reason for that. This is one of the few areas in which a cyberthreat endangers the real loss of property and life. Industrial SCADA (supervisory control and data acquisition) systems are just as vulnerable as any other networked system, but the big difference is that many of these systems were not designed for the networked environment the world continues to adopt. Increased interconnectivity for systems and devices not designed for this type of access is a recipe for trouble, due to the lack of information security practices in many of the environments SCADA systems are deployed in. It seems to be a common practice to connect critical infrastructure systems to the Internet and then manage them with commonly available software. All software has vulnerabilities, but industrial IT systems require greater diligence in architecture, design, and implementation. Attackers will leverage this lack of preparedness with greater frequency and success in 2012, if only for blackmail or extortion. When one considers the goals of many hacktivist groups, the possible mating of political goals with vulnerabilities in industrial controller systems (ICS) needs to be taken very seriously.

Stuxnet proves that malicious code can create a real world, kinetic response.[1] Recent incidents directed at water utilities in the United States show that these facilities are of increasing interest to attackers. The more attention is focused on SCADA and infrastructure systems, the more insecurity seems to come to light. We expect to see this insecurity lead to greater threats through exploit toolkits and frameworks as well as the increased targeting of utilities and energy ICS systems in particular. Once a targeted group has been shown to have a soft center, the attackers will dig in eagerly.

Attackers tend to go after systems that can be successfully compromised, and ICS systems have shown themselves to be a target-rich environment. Their administrators should take heed of recent events. It's time for extensive penetration testing and emergency response planning that includes cyber components and networking with law enforcement at all levels. They must ask themselves: What happens when we are targeted?


The Threat Within: Embedded Hardware

Embedded systems have grown in popularity and importance during the last several years. In general, these are designed for a specific control function within a larger system, often with real-time computing requirements. They often reside within a complete device that includes hardware and other mechanical parts. Historically used for industrial needs such as avionics, transportation, and energy as well as automotive and medical devices, this architecture is increasingly making its way into the business, enterprise, and consumer worlds. GPS, routers, network bridges, and recently many consumer electronic devices use embedded functions and designs.

Exploiting embedded systems will require malware that attacks at the hardware layer; that type of expertise has ramifications that go beyond embedded platforms.

Malware writers now create malware that targets the lower parts of the operating system more and more often. Many times attackers will try to root a system at its lowest level, including the master boot record and even BIOS layers. If attackers can insert code that alters the boot order or loading order of the operating system, they will gain greater control and can maintain long-term access to the system and its data. Controlling hardware is the promised land of sophisticated attackers.

The consequence of this trend is that other systems that use embedded hardware will become susceptible to these types of attacks. We have seen concept code that targets the embedded hardware in automotive systems, medical systems, and utility systems. We expect this proof-of-concept code to become more effective in 2012 and beyond.

Hacktivism

Although hacktivism is not new, with the WikiLeaks saga on the front pages in 2010 hacktivism gained wider publicity, acceptance, and usage than ever before. Overall, 2011 was a muddled year for online activists, with conflicting players frequently at odds with each other and no clearly stated goals. It was often difficult to sort things out between politically motivated campaigns and simple script-kiddies' entertainment, but one thing became clear: When hacktivists picked a target, that target was compromised either through a data breach or denial of service. They are a credible force. Agree with their goals or not, Anonymous and other hacktivist groups have shown themselves to be dedicated, resourceful, and even agile in choosing some of their targets and operations. The coming year will be decisive for hacktivism. And the Anonymous stories represent only one aspect of this issue.

The true Anonymous (that is, its historical wing) will reinvent themselves and their scene or die out. If the Anonymous circles of influence are unable to become organized, with clear calls for action and responsibility claims, all those labeling themselves Anonymous will eventually run the risk of becoming marginalized. Either way, we will see a large increase in such attacks. Distributed denial of service (DDoS) and personal data disclosures justified by a political conscience will continue to grow.

The people leading digital disruptions will become better engaged with the people leading physical demonstrations. We will see more mating of social media-based hacktivism with social media-coordinated hacktivism. We expect many future operations to include both physical and digital components. Joint and coordinated actions, in the field and online, will be simultaneously planned.

It is not hard to predict the evolution of the Occupy and other outraged groups to include more direct digital actions. As we posited in other predictions, the mating of hacktivist goals with industrial controller or SCADA system availability is a very real possibility. We expect hard-line hacktivists supporting the worldwide Occupy movements will drop the Anonymous label and soon operate as Cyberoccupiers.

For political and ideological ends, the private lives of public figures (politicians, industry leaders, judges, and law-enforcement and security officers) will be disclosed this year more than in the past. Protesters will stop at nothing to obtain data from social networks or web servers to support their various operations.


Some hacktivists will operate along the same lines as the various cyberarmies that primarily flourish in nondemocratic or nonsecular states (Iranian Cyber Army, Pakistan Cyber Army, ChinaHonker group, etc.). Mostly used for defacement in the past two years, the armies will move to more disruptive actions in the new year. Some of these groups will clash among themselves, possibly causing unpredictable collateral damage (Palestinian versus Israeli, Indian versus Pakistani, North versus South Korean, etc.). In 2011, cyberarmies were rumored to be manipulated or supported by their governments. Totalitarian states will go further next year, even acknowledging the actions of local cyberarmies.

[Figure 1: diagram of hacktivism's players and motivations on a 2009 to 2013 timeline. Players shown: cyberpatriots, script kiddies, 4chan site fans, hackers, Anonymous, Cyberoccupiers, the Occupy and Indignant movements, real cyberarmies, self-proclaimed cyberarmies, and nondemocratic and nonsecular states. Links are labeled cooperation, manipulation or weak support, real support, "for the lulz," pseudopatriotism, patriotism, real patriotism, pseudopolitical conscience, real political conscience, and against Internet censorship.]

Figure 1. The many connections and motivations of hacktivism.

Virtual Currency

Virtual currency, sometimes called cybercurrency, has become a popular way for people to exchange money online. Though not necessarily backed by tangible assets or even tangible commodities, services such as Bitcoin allow users to make transactions through a decentralized, peer-to-peer network: essentially electronic cash that allows direct, online payments. A user needs only client software and an online wallet service to receive the coins, which are stored in the wallet and can be transferred to others as payment for goods or services. For users to send or receive these coins, they simply need a wallet address. Can you see both the problem and the opportunity?

Trojan malware easily fits into this architecture. The wallets are not encrypted and the transactions are public. This makes an attractive target for cybercriminals. Several events of note took place in 2011 regarding virtual currencies:

• The Mt. Gox Bitcoin Exchange database was targeted by attackers who stole thousands of Bitcoins.
• Spam promoting fake Bitcoin mining tools was distributed. These tools actually contained malware designed to send the victim's wallet files to a remote location. It also allowed other miners to use the infected computer for further Bitcoin mining.
• Bitcoin miner botnets were found in the wild. Using large numbers of infected machines, these botnets could speed up Bitcoin mining and processing and could also launch DDoS attacks.


The nature of virtual currencies and technologies like Bitcoin is too good a target for cybercriminals to pass up. We saw considerable growth in malware that targets these technologies in 2011. Here is a look at Bitcoin malware in particular:

[Figure 2: bar chart "Unique Bitcoin Miner Samples Discovered," one bar per month from May 2011 to November 2011, vertical scale 0 to 2000.]

Figure 2. The theft (called mining) of the virtual currency Bitcoin reached a peak in September. We predict the rip-offs will increase in 2012.

We expect to see this threat evolve into a cottage industry of cybercrime next year, with spam, data theft, tools, support networks, and other associated services dedicated solely to exploiting virtual currencies. Clearly, cybercriminals have found a payment system that fits their needs.

Cyberwar

Will this be the Year of Cyberwar, or merely a showcase of offensive cyberweapons and their potential? While we certainly hope it's only the latter, the situation's growth during recent years makes an eventual cyberwar nearly inevitable. We have frequently seen cyber techniques complement traditional methods of intelligence, or espionage, operations, with many players accusing others, friends and foes alike. It's a very cheap way of spying, always leaves room for plausible deniability, doesn't endanger human lives and, most important, seems to be highly effective. What we haven't much seen is the use of cyber as part of the arsenal in an armed conflict. So far this has been witnessed only on a rather small scale with very limited sophistication of the attacks, for example, in the Georgia conflict.

But now the situation has changed. Many countries realize the crippling potential of cyberattacks against critical infrastructure and how difficult it is to defend against them. Their potential opens up opportunities for attack by small countries or organizations, particularly if there are few targets to strike back against. The Stuxnet attack was a game-changing event in many aspects; one of them was to make it absolutely clear to everyone that the threat is real and what impact such attacks could have.

The United States realizes how vulnerable it is, probably more than any other country because of its massive dependence on computer systems and a cyberdefense that pretty much defends only government and military networks (imagine an army that protects only military bases rather than any other part of the country). After taking a lot of criticism for the absence of a formal doctrine, the country finally reacted.


In July the Department of Defense Strategy for Operating in Cyberspace was released.[2] The report states "Strategic Initiative 1: DoD will treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace's potential." But you won't find in this paper a topic that was discussed previously: that cyberattacks of sufficient impact could meet with a return strike. Instead the DoD is preparing a new doctrine to complement the cyberstrategy that offers concrete guidance for the DoD's cyberwarfare staff. If that doctrine outlines under what circumstances a cyberretaliation can be considered, this would still be a far step from the threat of total annihilation doctrine that helped the world survive the cold war.

It doesn't really deter anyone from attacking if the possible response is unknown because it's classified.

According to reports, the use of cyberweapons in the revolution in Libya was considered but didn't happen because no one wanted to be the first to open Pandora's box. Or maybe it just wasn't a target-rich environment. For now, however, we've seen no public demonstration of the capabilities of offensive cyberwarfare that have the potential to deter anyone. The voices are getting louder to declassify that information, so some sort of demonstration (other than showing frightening videos of failing machinery to foreign diplomats) is expected. An effective demonstration has the potential to trigger a "me too" response from other states, showing that they also have the same capabilities.

We hope in the coming year to see only demonstrations, rather than any effects of an actual cyberwar!

DNSSEC

DNSSEC (Domain Name System Security Extensions) is a technology to protect name-resolution services from spoofing and cache poisoning by using a web of trust based on public-key cryptography. This is meant to protect a client computer from inadvertently communicating with a host as a result of a man-in-the-middle attack, which redirects the traffic from the intended server (web page, email, etc.) to another server. To protect online users and implement a more difficult terrain for hackers, this is an extremely important step in the evolution of the Internet.
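To make the mechanism behind the paragraph above concrete, here is an added example (written for this page, not code from the McAfee report) of what a validating resolver does with the signed records DNSSEC provides. It is a deliberately reduced model: the zone names, the SignedRR and Answer types, the Validate function and the use of Ed25519 with SHA-256 are assumptions of the example, whereas real DNSSEC encodes DNSKEY, DS and RRSIG records per RFC 4033 to 4035 and uses RSA or ECDSA keys. The shape is the same: the resolver trusts only the root key it was configured with, accepts a child zone's key only when the parent's signed DS digest matches it, and rejects any record whose signature does not verify under a key reached that way. The two forgeries at the end are the spoofing and redirection cases the paragraph describes: a rewritten answer and a substituted zone key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed toy of the DNSSEC chain of trust (added illustration, not code from
// the report). Real DNSSEC uses DNSKEY, DS and RRSIG records with RSA or ECDSA;
// the same shape is kept here with Ed25519 and SHA-256 so it runs offline.

// SignedRR is one resource record plus its RRSIG-equivalent.
type SignedRR struct {
	Owner, Type, Data, Signer string // e.g. "www.example.", "A", "192.0.2.1", signing zone
	Sig                       []byte
}

// Zone holds a zone's signing key pair (one key plays both KSK and ZSK here).
type Zone struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Zone{Name: name, Pub: pub, priv: priv}
}

// rrBytes is the canonical byte string a signature covers.
func rrBytes(owner, rtype, data string) []byte { return []byte(owner + "\x00" + rtype + "\x00" + data) }

// dsDigest mirrors a DS record: a hash committing the parent to the child's key.
func dsDigest(child string, pub ed25519.PublicKey) string {
	sum := sha256.Sum256(append([]byte(child+"\x00"), pub...))
	return hex.EncodeToString(sum[:])
}

// Sign produces a record signed with this zone's key.
func (z *Zone) Sign(owner, rtype, data string) SignedRR {
	return SignedRR{owner, rtype, data, z.Name, ed25519.Sign(z.priv, rrBytes(owner, rtype, data))}
}

// Answer is what a validating resolver assembles: the record, the DNSKEY each
// zone below the root offers, and the signed DS records, ordered root-first.
type Answer struct {
	Record SignedRR
	Keys   map[string]ed25519.PublicKey
	DS     []SignedRR
}

// Validate walks from the configured trust anchor down to the record. A zone's key
// is trusted only when its parent's signed DS matches it; offered keys are never taken at face value.
func Validate(anchor ed25519.PublicKey, a Answer) error {
	trusted := map[string]ed25519.PublicKey{".": anchor}
	for _, ds := range a.DS {
		parentKey, ok := trusted[ds.Signer]
		if !ok || !ed25519.Verify(parentKey, rrBytes(ds.Owner, ds.Type, ds.Data), ds.Sig) {
			return fmt.Errorf("DS for %s lacks a valid signature from a trusted parent", ds.Owner)
		}
		childKey, ok := a.Keys[ds.Owner]
		if !ok || dsDigest(ds.Owner, childKey) != ds.Data {
			return fmt.Errorf("DNSKEY offered for %s does not match its DS", ds.Owner)
		}
		trusted[ds.Owner] = childKey
	}
	key, ok := trusted[a.Record.Signer]
	if !ok || !ed25519.Verify(key, rrBytes(a.Record.Owner, a.Record.Type, a.Record.Data), a.Record.Sig) {
		return fmt.Errorf("record signature invalid: answer spoofed or tampered")
	}
	return nil
}

// Scenario validates an honest answer and two cache-poisoning style forgeries.
func Scenario() (honest, spoofedData, swappedKey error) {
	root, example := NewZone("."), NewZone("example.")
	keys := map[string]ed25519.PublicKey{"example.": example.Pub}
	ds := []SignedRR{root.Sign("example.", "DS", dsDigest("example.", example.Pub))}
	rec := example.Sign("www.example.", "A", "192.0.2.1")
	honest = Validate(root.Pub, Answer{rec, keys, ds})
	// Forgery 1: the address is rewritten in flight but cannot be re-signed.
	forged := SignedRR{rec.Owner, rec.Type, "198.51.100.9", rec.Signer, rec.Sig}
	spoofedData = Validate(root.Pub, Answer{forged, keys, ds})
	// Forgery 2: an attacker-made key is advertised as example.'s DNSKEY; the
	// root's signed DS still commits to the genuine key, so the chain breaks.
	rogue := NewZone("example.")
	rogueKeys := map[string]ed25519.PublicKey{"example.": rogue.Pub}
	swappedKey = Validate(root.Pub, Answer{rogue.Sign("www.example.", "A", "198.51.100.9"), rogueKeys, ds})
	return
}

func main() {
	h, s, k := Scenario()
	fmt.Println("honest:", h, "| spoofed data:", s, "| swapped key:", k)
}
```

Scenario returns nil for the honest answer and an error for both forgeries. The design point is in Validate: the only input it believes unconditionally is the trust anchor, and every other key must be vouched for by a signature from a key already reached, which is exactly why a cache poisoner who can inject records but not sign them gains nothing.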

Unfortunately DNSSEC would also treat as spoofing and redirection, and so block, any attempts by authorities who seek to reroute Internet traffic destined to websites that are trafficking in illegal software or images. For a government to redirect traffic, it would need to be considered authoritative from the root-level domains, which is a level of trust that other governing bodies would hesitate to grant if they knew that the result would be the suppression of Internet content based on the opinions of foreign governments.

Recent attempts to pass legislation to prevent the disbursement of intellectual property are based on an understanding of the current state of how today's DNS works and not how the future DNSSEC will work. This gap may create additional legal requirements for managing current DNS infrastructure, which may not be compatible with DNSSEC infrastructure. If such requirements are implemented, then the process of upgrading the security of our DNS infrastructure may be put on hold while committees seek a technical middle ground between the law and DNSSEC.

With governing bodies around the globe taking a greater interest in establishing rules of the road for Internet traffic, we can expect to see more and more instances in which the solutions of tomorrow are hampered by legislative wrangling over the issues of yesterday. The result is that the Internet of tomorrow will probably look like the Internet of yesterday for a longer time than we security folks would like to see.


Spam Goes Legit

During the past four years we've seen increased international understanding and cooperation in combating botnet-related spam. This cooperation has resulted in a number of high-profile shutdowns of infrastructure that was critical to botnet control (such as the ISP McColo), spam domain web hosting (Glavmed), credit card processing linked to counterfeit pharmaceuticals, and even suits against large Internet corporations that provided advertising outlets for illegal enterprises. These actions have resulted in an enormous drop in global spam volumes from a peak in mid-2009 and significantly increased the black-market cost of sending spam through botnets.

Although these steps by no means represent the end of all spam, as some technology prophets have predicted, they do change the landscape. Today as we look across that landscape, we see more and more unsolicited spam mail being sent not from botnet-infected hosts, but by actual legitimate advertising agencies that use techniques heavily derided by the antispam community. Their efforts result in users' email addresses getting on advertising lists without their knowledge or consent. These techniques range from blatant purchasing of email address lists that are advertised as offering users who have already consented to receive any advertising (a claim that requires a willing suspension of disbelief), to e-pending (harvesting email addresses through algorithms that determine that people would sign up for advertising if they were offered the chance, then skipping the asking part and just adding them to a list without permission), to purchasing customer databases from companies going out of business and ignoring any privacy policy that was in place when the company was still operating, to partnering with other advertising entities or mailing-list providers to blitz their email lists with advertising.

The advertising companies that do this know that they're sending spam and use the same techniques that botnet operators use to attempt to evade detection. Every day thousands of new email domains are registered using whois privacy to prevent identification of the owner, and thousands of new IP addresses are activated in the subnets of hosting providers for a few hours of a spam cannon that plasters inboxes with poorly formatted emails, fraught with misspellings and bad grammar. Most of these emails contain an opt-out link that doesn't accomplish anything except to let the spammers know that your email address is active and you're reading their mail. And there is an address where you can send a snail mail to get delisted (but if you look up the addresses online they can range from shacks in the middle of the Canadian wilderness to barren plots of land in the Arizona desert). In some cases individual email addresses have received more than 9,000 nearly identical spam messages in one day advertising the health benefits of a popular magnetic bracelet.

These corrupt advertising practices are supported by law. The United States CAN-SPAM Act was watered down so much that advertisers are not required to receive consent for sending advertising. Because advertising is such a profitable business, with plenty of lobbying prowess, it is extremely unlikely that any significant changes to email list-management practices or large penalties for bad behavior are anywhere on the horizon.

In this environment, we can expect to see legal spam continue to grow at an alarming rate. It is cheaper and less risky to spam individuals from advertising companies than it is to use botnet-infected hosts. This sort of activity, known as snowshoe spamming, has grown so much that at the time of this writing the top 10 most common email subjects include one delivery status notification, one botnet-related fake-Rolex spam, one confidence scam, and seven subjects associated with snowshoe spam. This sort of traffic will continue to grow at a faster rate than phishing and confidence scams, while botnet-related spam will continue to decrease as botmasters find better and safer ways to wring money out of their armies of infected computers. It is only a matter of time before most global spam volume comes from badly behaving but legal entities.
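The description above of the snowshoe pattern (many freshly registered, whois-privacy domains spread across many short-lived IPs in a hosting subnet, each carrying only a trickle of mail) translates directly into a gateway-side rule. The following is an added example, not code from the McAfee report: the Message record, the /24 bucketing, the thresholds freshDays, minSenders and maxPerSender, and the sample traffic in SampleLog are all constructed for the demo, and a real deployment would join gateway logs with WHOIS or RDAP registration data to fill in the domain age and privacy fields.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Constructed illustration (not code from the report) of one heuristic for the
// snowshoe pattern: several sending IPs in one hosting /24, each carrying a
// trickle of mail from freshly registered, WHOIS-privacy domains. Thresholds are
// assumptions chosen for the demo, not tuned values.
const (
	freshDays    = 30 // a domain registered within this window counts as fresh
	minSenders   = 3  // distinct IPs in a /24 before the pattern is considered
	maxPerSender = 5  // messages per IP above which it looks like a cannon, not a snowshoe
)

// Message is one mail-gateway observation joined with registration data.
type Message struct {
	IP            string
	Domain        string // envelope-from domain
	DomainAgeDays int    // days since registration, from WHOIS/RDAP lookups
	WhoisPrivacy  bool   // registrant hidden behind a privacy service
}

// SubnetStats aggregates what the heuristic needs per /24.
type SubnetStats struct {
	Messages, Senders, FreshPrivateDomains int
}

func subnet24(ip string) string {
	v4 := net.ParseIP(ip).To4()
	if v4 == nil {
		return ""
	}
	return fmt.Sprintf("%d.%d.%d.0/24", v4[0], v4[1], v4[2])
}

// Profile buckets messages by /24 and counts distinct senders and fresh privacy domains.
func Profile(msgs []Message) map[string]SubnetStats {
	senders := map[string]map[string]bool{}
	domains := map[string]map[string]bool{}
	stats := map[string]SubnetStats{}
	for _, m := range msgs {
		sn := subnet24(m.IP)
		if sn == "" {
			continue
		}
		if senders[sn] == nil {
			senders[sn], domains[sn] = map[string]bool{}, map[string]bool{}
		}
		senders[sn][m.IP] = true
		if m.DomainAgeDays <= freshDays && m.WhoisPrivacy {
			domains[sn][m.Domain] = true
		}
		s := stats[sn]
		s.Messages++
		s.Senders, s.FreshPrivateDomains = len(senders[sn]), len(domains[sn])
		stats[sn] = s
	}
	return stats
}

// SnowshoeSubnets returns, sorted, the /24s whose traffic fits the pattern:
// enough distinct senders, enough fresh privacy domains, low volume per sender.
func SnowshoeSubnets(msgs []Message) []string {
	var out []string
	for sn, s := range Profile(msgs) {
		if s.Senders >= minSenders && s.FreshPrivateDomains >= minSenders && s.Messages <= maxPerSender*s.Senders {
			out = append(out, sn)
		}
	}
	sort.Strings(out)
	return out
}

// SampleLog is constructed traffic: a snowshoe /24, one high-volume sender on an
// old domain, and a small corporate mail cluster on an established domain.
func SampleLog() []Message {
	var msgs []Message
	for i, d := range []string{"best-bracelet-deals.example", "magnet-health-now.example", "wellness-offer-today.example", "bracelet-savings-hub.example"} {
		ip := fmt.Sprintf("203.0.113.%d", 10+i)
		msgs = append(msgs, Message{ip, d, 3, true}, Message{ip, d, 3, true})
	}
	for i := 0; i < 40; i++ { // a single IP blasting mail: a different problem for a different rule
		msgs = append(msgs, Message{"198.51.100.7", "old-pharmacy.example", 900, false})
	}
	for i := 0; i < 3; i++ { // established corporate mail servers
		msgs = append(msgs, Message{fmt.Sprintf("192.0.2.%d", 20+i), "corp.example", 4000, false})
	}
	return msgs
}

func main() {
	fmt.Println("snowshoe subnets:", SnowshoeSubnets(SampleLog()))
}
```

On the sample traffic only 203.0.113.0/24 is reported: the high-volume single sender fails the low-volume-per-IP test and the corporate cluster has no fresh privacy domains, which is the separation the rule is meant to make between a cannon, a legitimate sender and a snowshoe.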


Mobile Threats

During the last two years we've seen an increase in attacks on smartphones and mobile devices. We've run across rootkits, botnets, and other malware. Attackers have moved on from simple destructive malware to spyware and malware that makes them money. We've seen them exploit vulnerabilities to bypass system protections and gain greater control over mobile devices. In 2012 we expect to see attackers continue what they've done and to improve upon their attacks. We also predict a move toward mobile-banking attacks.

Botnets + rootkits = low-level trouble

On PCs, rootkits and botnets deliver ads and make money off of their victims. On mobiles, we've seen these types of malware used in the same manner. Rootkits allow the installation of additional software or spyware, and botnets can cause ad clicks or send premium-rate text messages.

We've seen mobile variants of malware families that include Android/DrdDream, Android/DrdDreamLite, and Android/Geinimi, as well as Android/Toplank and Android/DroidKungFu. Some of these malware families have used root exploits, originally developed for customers to unlock their own phones, to gain access and take over victims' phones. In the coming year as developers and researchers develop new methods for rooting phones, we will see malware authors adapting the lessons of PC malware development to undertake attacks that leverage the mobile hardware layer to a greater extent. PC-based malware is increasingly moving further down the operating system (OS) to take greater advantage of hardware; we expect mobile malware to follow the same direction.

Bootkits, malware that replaces or bypasses system startup, also threaten mobile devices. Although rooting one's own phone or ebook reader opens the device to extra features or to replacing the OS, it can also allow attackers to load their own modified OS. Whereas a mobile rootkit will simply modify the existing OS to evade detection, a bootkit can give an attacker much greater control over a device.

For example, the Weapon of Mass Destruction mobile penetration-testing toolkit runs on old Windows Mobile phones. WMD installs itself using tools developed to load Linux on Windows Mobile phones and allows the user to reboot to the original OS. Attackers have already used old root exploits to hide themselves; as new exploits are developed, attackers will eventually install their own custom firmware.

Mobile banking attacks

PC users have seen attacks from criminals using the Zeus and SpyEye crimeware kits to steal money from online banking accounts. Both Zeus and SpyEye have begun to use mobile apps as helpers to bypass two-factor authentication and gain access to victims' money.

Zitmo (Zeus-in-the-mobile) and Spitmo (SpyEye-in-the-mobile) are two families of mobile spyware that forward SMS messages to attackers. Using this spyware required the attackers to log in manually to steal users' money.

Last July, security researcher Ryan Sherstobitoff discussed how the transactions performed by criminals using Zeus and SpyEye could be tracked, as they looked nothing like those of legitimate users. Last month, he showed how criminals had adapted and now can programmatically steal from victims while they are still logged on. This helps the criminals' transactions appear to come from the legitimate users and, by adding a delay, seem to be performed by a real human. Attackers have adapted quickly to every change intended to secure banking on PCs. As we use our mobile devices ever more for banking, we will see attackers bypass PCs and go straight after mobile-banking apps. We expect to see attacks that leverage this type of programmatic technique with greater frequency as more and more users handle their finances on mobile devices.


Rogue Certificates

We tend to believe in files and documents when they are digitally signed due to our trust in digital signatures and the certificate authorities they come from. Many whitelisting and application control systems depend on valid digital signatures. These solutions allow us to put policies and controls in place around services, applications, and even files that carry a valid digital signature. Secure web browsing and secure online business transactions also rely on trusted digital signatures. These certificate authorities and their certs basically tell the operating system "You can trust me because I am valid and vouched for."

Given that trust, what happens if we're faced with rogue or fake digital certificates? Going deeper, what are the implications of a certificate authority that is compromised? Digital certificates allow us a certain level of trust in a file, process, or transaction. By producing and circulating fake or rogue certificates, attackers can engage in almost undetectable attacks. On the browser, this allows an attacker to engage in man-in-the-middle attacks: traffic that was otherwise encrypted and not viewable to the attacker can now be seen plain as clear text because they have the key. On the host, security software will ignore a file signed with a valid key as it now appears to be whitelisted: It has authorized access due to the certificate it presents.
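The following added example (written for this page with Go's crypto/x509, not code from the McAfee report) shows why a certificate issued by a compromised but still trusted authority is "almost undetectable" to ordinary chain validation, and what a client can add to catch it. The CA names, the host name bank.example, the mustCert helper and the Outcome type are constructed for the demo. Three authorities are created: one honest and trusted, one trusted by the client but whose signing key has leaked (the DigiNotar situation discussed later in this section), and one the attacker made up. Each issues a certificate for the same host; chain validation accepts the first two and rejects only the third, while a public-key pin recorded for the genuine key rejects the rogue one as well.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Constructed illustration (not code from the report): three CAs, one leaf each
// for the same host name, and the two checks a client can apply to them.
var serial int64

// mustCert issues a certificate for name; parent == nil makes it a self-signed CA.
func mustCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := tmpl, key
	if parent == nil { // CA: may sign other certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else { // leaf: bound to a host name, usable by a TLS server
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// ChainValid is the check every browser performs: does the certificate chain to a
// trusted root and name this host? It cannot tell a breached CA from an honest one.
func ChainValid(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// SPKIPin hashes the leaf's SubjectPublicKeyInfo, the value used for public-key pinning.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Outcome records both checks for each of the three certificates.
type Outcome struct {
	GenuineChain, RogueChain, FakeCAChain bool // x509 chain validation
	GenuinePin, RoguePin                  bool // pin comparison
}

func Scenario() Outcome {
	const host = "bank.example"
	trustedCA, trustedKey := mustCert("Trusted Root CA", nil, nil)
	breachedCA, breachedKey := mustCert("Breached Root CA", nil, nil) // trusted by the OS, key leaked
	fakeCA, fakeKey := mustCert("Attacker Root CA", nil, nil)        // never trusted by anyone
	genuine, _ := mustCert(host, trustedCA, trustedKey)
	rogue, _ := mustCert(host, breachedCA, breachedKey) // "valid" certificate, wrong issuer
	fake, _ := mustCert(host, fakeCA, fakeKey)

	roots := x509.NewCertPool() // the client's trust store
	roots.AddCert(trustedCA)
	roots.AddCert(breachedCA)
	pin := SPKIPin(genuine) // pin shipped with the app or recorded on first contact
	return Outcome{
		GenuineChain: ChainValid(genuine, roots, host),
		RogueChain:   ChainValid(rogue, roots, host),
		FakeCAChain:  ChainValid(fake, roots, host),
		GenuinePin:   SPKIPin(genuine) == pin,
		RoguePin:     SPKIPin(rogue) == pin,
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

The result is GenuineChain and RogueChain both true with FakeCAChain false, and GenuinePin true with RoguePin false. The first line is the problem the section describes: once a trusted authority is breached, the certificates it issues are indistinguishable from legitimate ones to chain validation alone. The second line is the extra control a client or application can carry: a pin on the expected key, or equivalently a short allow-list of issuers for a given site, fails closed when a different key arrives under an otherwise valid chain.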

Recent threats such as Stuxnet and Duqu used rogue certificates to great effect to evade detection.

Although this is not the first time we have seen this behavior (fake AV, certain Zeus variants, Conficker, and even some old Symbian malware used them), we expect to see this trend increase in 2012 and beyond.

The larger threat of targeting certificate authorities to produce rogue certificates is also a concern for the future because this type of compromise would allow an attacker to create multiple keys to be used in a variety of web-based and host-based scenarios, effectively undermining much of the trust that is built into an operating system. We are very concerned about the implications of large-scale rogue certificates on the whitelisting and application control technologies that use these certs. DigiNotar, an already troubled Dutch authority, recently declared bankruptcy after a security breach resulted in the issuance of fraudulent certificates. Was this attack the final nail in its coffin? Investigations have shown that as many as 531 fraudulent certificates were issued from DigiNotar. It is probable that the company's fall is only the beginning of our insight into breaches in this industry. Now we must worry about how much trust and damage has been done.

Wide-scale targeting of certificate authorities and the broader use of fraudulent, yet valid digital certificates has ramifications for public-key infrastructure, secure browsing, and transactions as well as host-based technologies such as whitelisting and application control. Taking advantage of our trust in this system gives attackers a great advantage; we certainly expect them to focus on this area.

Advances in Operating Systems

Information security always involves give and take, with equal amounts of measures and countermeasures thrown in. The attackers write malicious code; we counter it. Operating system vendors bake security into the core of the OS; attackers find a way to circumvent. This is a natural part of the dynamic threat landscape and will never go away. But will advances by the information security industry and operating system vendors drive malware writers outside the OS to directly attack hardware?

Recent versions of Windows have included data-execution protection as well as address-space layout randomization. These security methods make it harder for attackers to compromise a victim's machine. Encryption technologies have also boosted OS protection in recent years. As with most internal OS security measures, attackers very quickly found ways to evade them. With the upcoming release of Windows 8, Microsoft will include many new security features: secure password storage, secure boot functions, antimalware defenses, and even enhanced reputation capabilities. Where will this new security architecture drive attackers?

The answer is down and out: down into hardware and out of the operating system.


During the last several years McAfee Labs has seen great advances from attackers and malware writers in both rootkits and bootkits. Rootkits are used to subvert both the operating system and security software, while bootkits attack encryption and can replace legitimate boot loaders. These are advanced techniques to intercept encryption keys and passwords, and even subvert driver-signing defenses employed by some OSs.

Attacking hardware and firmware is not easy, but success there would allow attackers to create persistent malware images in network cards, hard drives, and even system BIOS. We expect to see more effort put into hardware and firmware exploits and their related real-world attacks throughout 2012 and beyond.
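Both the passage above and the earlier "The Threat Within: Embedded Hardware" section single out the master boot record as a place where attackers persist below the operating system. The following added example (not code from the McAfee report) shows the kind of integrity check a defender can run against it: record a hash of the boot-code bytes of the MBR while the system is known good, then compare the live sector against that baseline on every check. The sector layout constants, the synthetic sector built by ConstructedMBR, the three observations in Scenario and the findings text are assumptions of the example. Only the code region is hashed, so routine partition-table edits do not raise alerts, and two malformed states (a missing 0x55AA boot signature, more than one active partition) are reported separately.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed illustration (not code from the report) of a baseline integrity
// check for the 512-byte master boot record. Classic MBR layout: bytes 0-439
// boot code, 440-445 disk signature and reserved, 446-509 four 16-byte
// partition entries, 510-511 the 0x55AA boot signature.
const (
	mbrSize = 512
	codeEnd = 440
	ptStart = 446
	sigOff  = 510
)

// BootCodeHash hashes only the boot-code region, so ordinary partition-table
// edits do not trip the check while any change to the code that runs first does.
func BootCodeHash(mbr []byte) (string, error) {
	if len(mbr) != mbrSize {
		return "", fmt.Errorf("expected %d-byte sector, got %d", mbrSize, len(mbr))
	}
	sum := sha256.Sum256(mbr[:codeEnd])
	return hex.EncodeToString(sum[:]), nil
}

// CheckMBR compares a freshly read sector against the recorded baseline hash and
// returns human-readable findings; an empty result means nothing suspicious.
func CheckMBR(baselineHash string, mbr []byte) []string {
	var findings []string
	h, err := BootCodeHash(mbr)
	if err != nil {
		return []string{err.Error()}
	}
	if h != baselineHash {
		findings = append(findings, "boot code differs from baseline: possible MBR overwrite or bootkit")
	}
	if mbr[sigOff] != 0x55 || mbr[sigOff+1] != 0xAA {
		findings = append(findings, "boot signature 0x55AA missing")
	}
	active := 0
	for i := 0; i < 4; i++ {
		if mbr[ptStart+16*i] == 0x80 {
			active++
		}
	}
	if active > 1 {
		findings = append(findings, "more than one active partition entry")
	}
	return findings
}

// ConstructedMBR builds a synthetic sector for the demo; it is not a real boot record.
func ConstructedMBR() []byte {
	mbr := make([]byte, mbrSize)
	for i := 0; i < codeEnd; i++ { // stand-in for boot code
		mbr[i] = byte(i * 7)
	}
	copy(mbr[440:444], []byte{0x11, 0x22, 0x33, 0x44}) // disk signature
	mbr[ptStart], mbr[ptStart+4] = 0x80, 0x07           // one active NTFS entry
	mbr[sigOff], mbr[sigOff+1] = 0x55, 0xAA
	return mbr
}

func clone(b []byte) []byte { return append([]byte(nil), b...) }

// Scenario records a baseline and then checks three later observations.
func Scenario() (clean, partitionEdit, tampered []string) {
	base := ConstructedMBR()
	baseline, _ := BootCodeHash(base)

	clean = CheckMBR(baseline, clone(base))

	edited := clone(base) // an admin adds a second, inactive Linux partition entry
	edited[ptStart+16+4] = 0x83
	partitionEdit = CheckMBR(baseline, edited)

	hacked := clone(base) // the first bytes of the boot code were replaced
	copy(hacked[:3], []byte{0xEB, 0x3C, 0x90})
	tampered = CheckMBR(baseline, hacked)
	return
}

func main() {
	c, p, t := Scenario()
	fmt.Println("clean:", c, "| partition edit:", p, "| tampered:", t)
}
```

Scenario returns no findings for the unchanged sector and for the partition-table edit, and one finding for the sector whose boot code was altered. On Linux the live sector can be read with `dd if=/dev/sda bs=512 count=1` (root required) and fed to CheckMBR; because a bootkit that is already running can filter what the operating system reads back from disk, the comparison copy is best taken while booted from trusted media, and the baseline hash stored off the host.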

Advances in the Windows 8 bootloader security feature have already caused researchers to show how they can be subverted through legacy BIOS; meanwhile, the product has not even been fully released yet. With further development around Intel's unified extensible firmware interface specifications (designed as a software interface between the operating system and platform firmware to enforce a secure boot and to replace legacy BIOS) we expect more attackers to devote their time to evasion research in the coming years.

We will keenly watch how attackers use these low-level functions for botnet control, perhaps migrating their control functions into graphics processor functions, the BIOS, or the master boot record. At the same time we expect attackers to leverage new protocol standards such as IPv6 as network implementations advance along the lines of operating systems.

In spite of our efforts to thwart their ambitions, attackers clearly see the value and power of attacking hardware and moving outside of traditional operating system attacks.

About the Authors

This report was prepared and written by Zheng Bu, Toralv Dirro, Paula Greve, David Marcus, François Paget, Ryan Permeh, Craig Schmugar, Jimmy Shah, Peter Szor, Guilherme Venere, and Adam Wosotowsky of McAfee Labs.

About McAfee Labs

McAfee Labs is the global research team of McAfee. With the only research organization devoted to all threat vectors (malware, web, email, network, and vulnerabilities), McAfee Labs gathers intelligence from its millions of sensors and its cloud-based service McAfee Global Threat Intelligence. The McAfee Labs team of 350 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on finding new ways to keep our customers safe. http://www.mcafee.com


2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com

[1] https://blogs.mcafee.com/mcafee-labs/stuxnet-update
[2] Read the unclassified version at http://www.defense.gov/news/d20110714cyber.pdf

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided "as is," without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

McAfee, the McAfee logo, McAfee Labs, and McAfee Global Threat Intelligence are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2011 McAfee, Inc.
