Domain Shadowing – Wild West Of Internet Cyber Attacks

World Wide Web Labeled Wild Wild West of Internet Cyber Attacks

A new “threat report” labels the World Wide Web (www) the Wild Wild West of cyber warfare stating that the Internet is still “an untamed frontier.”

The report from Bromium Labs, security analysts, that study key trends in the cyber attack landscape and specialize in innovative technologies aimed to defend and counter advanced attacks against computer networks, warns that hackers prey on popular websites and widely used software. Titled Endpoint Exploitation Trends, the report, released this morning, identified key trends for the first half of 2015. Ultimately, it states, while established patterns of attack and defense can still be identified, attackers are increasingly innovative.

Rahul Kashyap, SVP Security & Solutions Engineering, Bromium

It’s been a whirlwind 6 months in terms of threats. One of the big trends we’re witnessing is a huge growth of malvertisements targeting news and entertainment websites, places where people tend to feel safe if anything. CBSNews.com, StarTribune.com and Weather.com were just a few of the sites we saw higher quantities of malvertisements, so recommend consumers be extra vigilent when visiting those sites.

We’re also seeing the continued dark underbelly of bitcoin: it didn’t end with Silk Road. Cybercriminals are using bitcoin as a means to create and proliferate Malware without being traced.

Finally, crypto ransomware is on the rise—the appearance of new families has nearly doubled in H1 2015 over the entirety of 2014. Crypto ransomware has become an increasingly lucrative business for attackers the past few years. Reactive technologies such as anti-virus are too late to protect against such infections and are inadequate in most cases. Other newer approaches, such as robust application Containers that isolate threats from end users, can provide a defensible layer to prevent both malvertisement and ransomware infections.”

Cyber Criminals Target Popular News and Entertainment Websites

Alarmingly, Bromium Labs researchers found that the most dangerous (for users) websites are those we assume to be the safest, specifically sites that focus on entertainment and news. In fact, more than 50 percent of malvertisements on the web were found by researchers to be hosted (unknowingly) by popular news and entertainment sites.

They also found that Adobe Flash has become an overwhelming target that attackers use to launch digital “drive-by attacks.” One popular attack prompts Mozilla to disable the app in the Firefox browser. But Flash (together with Internet Explorer) is also targeted by a notorious malicious toolkit known as Angler Exploit, posing an especially serious security threat.

The Angler Exploit Kit (EK) is currently regarded as highly sophisticated and dangerous. Cisco has identified a relatively new technique used by cyber attackers to hijack domain registration accounts and create subdomains. Known as domain shadowing,  it takes victims to a web page that is controlled by the attacker via a malicious ad, and then redirects them to subdomains. Blacklisting doesn’t work, and blocking is very difficult. According to the new threat report, all the WWW attacks they have picked up in the past six months are operated by EKs, Angler being the most prevalent.

Current Cyber Attack Trends

According to the new threat report, trends cover all elements from new ways to monetize malware to new, effective means of delivering vectors through malvertising. As BitCoin gains traction it is becoming a particularly easy way for cybercriminals to make money, as has Crypto-Ransomware, which demands ransoms from computer users (often via BitCoin) and is an increasing threat to both organizations and individuals.

They identified zero-day exploits and kernel-mode Vulnerabilities as the possible “next major window of opportunity” for cyber attackers.

Malvertisements have become very popular with attackers, particularly news (31.7 percent) and entertainment (25.4 percent) sites. They found that of the other websites targeted by malvertising, 12.7 percent were search sites, 7.9 percent were learning sites, and forums, shopping sites, video, and “other” sites each attracted 4.8 percent of this malicious advertising. Only 3.2 percent of social sites were found to be infected by this malware. One of high-profile websites the report names is goodreads.com.

Detection evasion trends show that attackers are continually upgrading their skills, and are able to bypass:

  • Antivirus and Host Intrusion Prevention Systems (HIPS)
  • Honeypots and analysis environments
  • Network filters and Network Intrusion Detection Systems (NIDS)

Key malware trends identified in the report show that:

  • Crypto-Ransomware has increased radically since 2013 when there were only two known ransomware families; now there are nine.
  • Macro attacks are back. Since there are very few “reliable” MS office vulnerabilities, attackers now resort to an old trick of embedding macro-based malware in MS Office documents. This usually focuses on banking, and is bundled with Dridex Trojan.
  • Windows kernel exploits are gaining attention and becoming more popular when it comes to launching targeted attacks.

In conclusion, the researchers state that while well-worn patterns of both attack and defense can be seen quite clearly, there is still also a lot of “the same old game.”

By Penny Swift

François Amigorena

SMB’s perceptions of Cloud Storage Security

Data Storage Security The use of cloud storage is on the increase. However, SMBs are still suspicious about it. Actually, 61% of SMBs believe their data in unsafe in the cloud. Why are those perceptions ...
Bruce Guptill

How CFOs and CIOs See Finance Management Priorities

Cloud and the Finance-IT Effectiveness Gap IT leaders today tend to be much better aligned with business and operational leaders and business goals than they were just five years ago. Unfortunately, they are still not ...
Sangeeta Chhabra

Why ‘Cloud’ Should Be A Skill In This Age of Automation

The Age of Automation It is astonishing how the world around us is changing rapidly. More and more companies are now planning their move to the cloud and revamping their business models. Cloud computing has ...
Kishore Durg

Relevance at scale is the key to growth – just ask Del Monte Foods

Relevance at scale is the key to growth Consumer goods companies have seldom had things tougher. The possibilities shown to consumers by customer experience leaders such as Amazon, Google and Facebook have whet out appetites ...
Mobile Apps Business

It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one of its top priorities was compliance. As a company that ...
Gary Bernstein

5 Notable Proxy Servers Adding That Extra Layer Of Privacy

What’s A Proxy Server? A proxy server is a gateway between the user and the internet. This is an intermediary server that separates end users from the websites they browse. It’s completely legal to use ...