Domain Shadowing – Wild West Of Internet Cyber Attacks

World Wide Web Labeled Wild Wild West of Internet Cyber Attacks

A new “threat report” labels the World Wide Web (www) the Wild Wild West of cyber warfare stating that the Internet is still “an untamed frontier.”

The report from Bromium Labs, security analysts, that study key trends in the cyber attack landscape and specialize in innovative technologies aimed to defend and counter advanced attacks against computer networks, warns that hackers prey on popular websites and widely used software. Titled Endpoint Exploitation Trends, the report, released this morning, identified key trends for the first half of 2015. Ultimately, it states, while established patterns of attack and defense can still be identified, attackers are increasingly innovative.

Rahul Kashyap, SVP Security & Solutions Engineering, Bromium

It’s been a whirlwind 6 months in terms of threats. One of the big trends we’re witnessing is a huge growth of malvertisements targeting news and entertainment websites, places where people tend to feel safe if anything. CBSNews.com, StarTribune.com and Weather.com were just a few of the sites we saw higher quantities of malvertisements, so recommend consumers be extra vigilent when visiting those sites.

We’re also seeing the continued dark underbelly of bitcoin: it didn’t end with Silk Road. Cybercriminals are using bitcoin as a means to create and proliferate Malware without being traced.

Finally, crypto ransomware is on the rise—the appearance of new families has nearly doubled in H1 2015 over the entirety of 2014. Crypto ransomware has become an increasingly lucrative business for attackers the past few years. Reactive technologies such as anti-virus are too late to protect against such infections and are inadequate in most cases. Other newer approaches, such as robust application Containers that isolate threats from end users, can provide a defensible layer to prevent both malvertisement and ransomware infections.”

Cyber Criminals Target Popular News and Entertainment Websites

Alarmingly, Bromium Labs researchers found that the most dangerous (for users) websites are those we assume to be the safest, specifically sites that focus on entertainment and news. In fact, more than 50 percent of malvertisements on the web were found by researchers to be hosted (unknowingly) by popular news and entertainment sites.

They also found that Adobe Flash has become an overwhelming target that attackers use to launch digital “drive-by attacks.” One popular attack prompts Mozilla to disable the app in the Firefox browser. But Flash (together with Internet Explorer) is also targeted by a notorious malicious toolkit known as Angler Exploit, posing an especially serious security threat.

The Angler Exploit Kit (EK) is currently regarded as highly sophisticated and dangerous. Cisco has identified a relatively new technique used by cyber attackers to hijack domain registration accounts and create subdomains. Known as domain shadowing,  it takes victims to a web page that is controlled by the attacker via a malicious ad, and then redirects them to subdomains. Blacklisting doesn’t work, and blocking is very difficult. According to the new threat report, all the WWW attacks they have picked up in the past six months are operated by EKs, Angler being the most prevalent.

Current Cyber Attack Trends

According to the new threat report, trends cover all elements from new ways to monetize malware to new, effective means of delivering vectors through malvertising. As BitCoin gains traction it is becoming a particularly easy way for cybercriminals to make money, as has Crypto-Ransomware, which demands ransoms from computer users (often via BitCoin) and is an increasing threat to both organizations and individuals.

They identified zero-day exploits and kernel-mode Vulnerabilities as the possible “next major window of opportunity” for cyber attackers.

Malvertisements have become very popular with attackers, particularly news (31.7 percent) and entertainment (25.4 percent) sites. They found that of the other websites targeted by malvertising, 12.7 percent were search sites, 7.9 percent were learning sites, and forums, shopping sites, video, and “other” sites each attracted 4.8 percent of this malicious advertising. Only 3.2 percent of social sites were found to be infected by this malware. One of high-profile websites the report names is goodreads.com.

Detection evasion trends show that attackers are continually upgrading their skills, and are able to bypass:

  • Antivirus and Host Intrusion Prevention Systems (HIPS)
  • Honeypots and analysis environments
  • Network filters and Network Intrusion Detection Systems (NIDS)

Key malware trends identified in the report show that:

  • Crypto-Ransomware has increased radically since 2013 when there were only two known ransomware families; now there are nine.
  • Macro attacks are back. Since there are very few “reliable” MS office vulnerabilities, attackers now resort to an old trick of embedding macro-based malware in MS Office documents. This usually focuses on banking, and is bundled with Dridex Trojan.
  • Windows kernel exploits are gaining attention and becoming more popular when it comes to launching targeted attacks.

In conclusion, the researchers state that while well-worn patterns of both attack and defense can be seen quite clearly, there is still also a lot of “the same old game.”

By Penny Swift

Disaster Plan.png
Hair Loss.png
Answer To Everything.png
The Backup.png
JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
Oxylabs
A conversation with Aleksandras Šulženko – Product owner at Oxylabs.io In a global economy where change happens by the second, one of the best ways to keep up with industry information, including your competitors, is ...
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Gilad David Maayan
What Is Application Dependency Mapping? Modern software development teams use fast-paced DevOps work processes. However, the complexity of modern software applications often gets in the way. A typical enterprise software project has thousands of components, ...
Gary Bernstein
Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.