Report looks at endpoint exploitation trends
- Published: Monday, 18 January 2016 19:46
Bromium, Inc., has announced the publication of ‘Endpoint Exploitation Trends 2015,’ a Bromium Labs research report that analyses the ongoing security risk of popular websites and software. The report highlights that software vulnerabilities and exploits in popular applications spiked in 2015, with vulnerabilities increasing nearly 60 percent and Flash exploits increasing 200 percent. The report also highlights common attack trends, including the resurgence of macro malware, the continuous growth of ransomware and the widespread issue of malvertising.
“Attackers focus on high value targets with the path of least resistance, which means that attack vectors may shift as previously vulnerable software implements new security to mitigate attacks,” said Rahul Kashyap, EVP, Chief Security Architect. “We have seen Microsoft take great steps to improve the security of Internet Explorer and Windows, which has forced attackers to focus on Flash exploits, malvertising and macro malware delivered through phishing emails.”
Key findings from Endpoint Exploitation Trends 2015 include:
- Vulnerabilities and exploits spiked in 2015: vulnerabilities and exploits targeting popular software, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Adobe Flash, Oracle Java and Microsoft Office, spiked in 2015. Vulnerabilities increased nearly 60 percent (from 733 in 2014 to 1167 in 2015) and exploits increased nearly 40 percent (from 10 in 2014 to 14 in 2015). Adobe Flash exploits increased 200 percent (from four exploits in 2014 to 12 exploits in 2015).
- Malvertising is widespread: Bromium threat sensors identified malicious advertising (malvertising) attacks on 27 percent of the Alexa 1000.
- Macro malware makes a resurgence: macro malware masquerades as a legitimate Microsoft Office document with a seemingly legitimate macro that obfuscates the attack. Social engineering techniques, such as naming the file ‘Invoice Details,’ entice users to open the file, enabling the attack to succeed. The malicious code itself is hidden in large repositories of Visual Basic, making it difficult for behavioral analysis and anti-virus scanners to detect it.
- Angler exploit kit most popular: exploit kits are still the choice of attackers for launching malware. In 2015, exploit kits, led by Angler EK, were up to date with the latest vulnerabilities and continue to innovate techniques to bypass network defenses.
- Ransomware doubled in 2015: ransomware has become one of the most common attack trends since 2013, with the number of ransomware families increasing 600 percent (from two in 2013 to 12 in 2015). Ransomware families continue to innovate their distributions, with Cryptowall 4.0 adding encrypted file names and Cryptolocker Service leasing its malware as a service.