It has been said that those who fail to learn from history are doomed to repeat it. With that in mind, Bromium Labs today has published “Endpoint Exploitation Trends 2015,” a research report that analyzes the ongoing security risk of popular websites and software. The report highlights that software vulnerabilities and exploits in popular applications spiked in 2015 with vulnerabilities increasing nearly 60 percent and Flash exploits increasing 200 percent. The report also highlights common attack trends, including the resurgence of macro malware, the continuous growth of ransomware and the ubiquitous presence of malvertising.
Adobe Flash vulnerabilities and exploits are nothing new, but this spike is 2015 was noticeable. The continuous growth of malvertising is also noteworthy, with malvertising attacks detected on more than a quarter of the Alexa 1,000. Currently, Flash exploits and malvertising go hand-in-hand, so this trend represents how two vulnerable systems can be attacked to compromise an end user or an enterprise.
Flash is widely used – although we may be witnessing the slow death of Flash – which is one reason we see so many exploits and vulnerabilities for it. The second reason is that attackers tend to focus on the weakest link; as Internet Explorer and Windows have improved its attack mitigation, attackers have been driven to more easily exploitable technology, such as Flash.
Interestingly, as systems have become more advanced and secure, many attackers are relying on a dated technique, macro malware, which masquerades as a legitimate document, such as an invoice or tracking number. Macro malware requires the user to launch the attack, so these documents are spammed through phishing emails. The malware itself is obfuscated in large repositories of code pulled from legitimate projects, making it difficult of signature analysis to detect the attack.
Not all attackers are relying on these dated attacks; we have witnessed the explosive growth of ransomware, which has increased 600 percent since 2013. Not only is this a common attack vector, but it continues to evolve. Most recently, we have witnessed ransomware “as a service” that enables an attacker to obtain ransomware for free by agreeing to share the profits with its creator. Ransomware is distributed through every possible attack vector, from email spam and macro malware to drive-by downloads and malvertising.
In conclusion, the Bromium Threat Report “Endpoint Exploitation Trends 2015” highlights how attackers continue to use whatever attack works best, old or new. The spike in software vulnerabilities and exploits should be a first step for security teams to address; patching vulnerable machines has never been more urgent. With the rise in macro-malware, it is imperative to re-educate users about phishing emails. Hackers will attack the weakest point they can find, so security teams must adapt to remain secure. The most important thing to realize is that malware is hiding in plain sight: it is spammed through email as malicious documents and embedded in advertisements in some of the most popular web sites on the Internet.
Given this, it’s easy to see that the more software introduced into a network, the greater the attack surface becomes. Any successful security solution must fundamentally change the way security is provided by reducing the attack surface and decreasing software surface areas for attack.