World Wide Web Labeled Wild Wild West of Internet Cyber Attacks
A new “threat report” labels the World Wide Web (www) the Wild Wild West of cyber warfare stating that the Internet is still “an untamed frontier.”
The report from Bromium Labs, security analysts, that study key trends in the cyber attack landscape and specialize in innovative technologies aimed to defend and counter advanced attacks against computer networks, warns that hackers prey on popular websites and widely used software. Titled Endpoint Exploitation Trends, the report, released this morning, identified key trends for the first half of 2015. Ultimately, it states, while established patterns of attack and defense can still be identified, attackers are increasingly innovative.
Rahul Kashyap, SVP Security & Solutions Engineering, Bromium
“It’s been a whirlwind 6 months in terms of threats. One of the big trends we’re witnessing is a huge growth of malvertisements targeting news and entertainment websites, places where people tend to feel safe if anything. CBSNews.com, StarTribune.com and Weather.com were just a few of the sites we saw higher quantities of malvertisements, so recommend consumers be extra vigilent when visiting those sites.
We’re also seeing the continued dark underbelly of bitcoin: it didn’t end with Silk Road. Cybercriminals are using bitcoin as a means to create and proliferate Malware without being traced.
Finally, crypto ransomware is on the rise—the appearance of new families has nearly doubled in H1 2015 over the entirety of 2014. Crypto ransomware has become an increasingly lucrative business for attackers the past few years. Reactive technologies such as anti-virus are too late to protect against such infections and are inadequate in most cases. Other newer approaches, such as robust application Containers that isolate threats from end users, can provide a defensible layer to prevent both malvertisement and ransomware infections.”
Cyber Criminals Target Popular News and Entertainment Websites
Alarmingly, Bromium Labs researchers found that the most dangerous (for users) websites are those we assume to be the safest, specifically sites that focus on entertainment and news. In fact, more than 50 percent of malvertisements on the web were found by researchers to be hosted (unknowingly) by popular news and entertainment sites.
They also found that Adobe Flash has become an overwhelming target that attackers use to launch digital “drive-by attacks.” One popular attack prompts Mozilla to disable the app in the Firefox browser. But Flash (together with Internet Explorer) is also targeted by a notorious malicious toolkit known as Angler Exploit, posing an especially serious security threat.
The Angler Exploit Kit (EK) is currently regarded as highly sophisticated and dangerous. Cisco has identified a relatively new technique used by cyber attackers to hijack domain registration accounts and create subdomains. Known as domain shadowing, it takes victims to a web page that is controlled by the attacker via a malicious ad, and then redirects them to subdomains. Blacklisting doesn’t work, and blocking is very difficult. According to the new threat report, all the WWW attacks they have picked up in the past six months are operated by EKs, Angler being the most prevalent.
Current Cyber Attack Trends
According to the new threat report, trends cover all elements from new ways to monetize malware to new, effective means of delivering vectors through malvertising. As BitCoin gains traction it is becoming a particularly easy way for cybercriminals to make money, as has Crypto-Ransomware, which demands ransoms from computer users (often via BitCoin) and is an increasing threat to both organizations and individuals.
They identified zero-day exploits and kernel-mode Vulnerabilities as the possible “next major window of opportunity” for cyber attackers.
Malvertisements have become very popular with attackers, particularly news (31.7 percent) and entertainment (25.4 percent) sites. They found that of the other websites targeted by malvertising, 12.7 percent were search sites, 7.9 percent were learning sites, and forums, shopping sites, video, and “other” sites each attracted 4.8 percent of this malicious advertising. Only 3.2 percent of social sites were found to be infected by this malware. One of high-profile websites the report names is goodreads.com.
Detection evasion trends show that attackers are continually upgrading their skills, and are able to bypass:
- Antivirus and Host Intrusion Prevention Systems (HIPS)
- Honeypots and analysis environments
- Network filters and Network Intrusion Detection Systems (NIDS)
Key malware trends identified in the report show that:
- Crypto-Ransomware has increased radically since 2013 when there were only two known ransomware families; now there are nine.
- Macro attacks are back. Since there are very few “reliable” MS office vulnerabilities, attackers now resort to an old trick of embedding macro-based malware in MS Office documents. This usually focuses on banking, and is bundled with Dridex Trojan.
- Windows kernel exploits are gaining attention and becoming more popular when it comes to launching targeted attacks.
In conclusion, the researchers state that while well-worn patterns of both attack and defense can be seen quite clearly, there is still also a lot of “the same old game.”
By Penny Swift