Perimeter
2/17/2016
04:45 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

5 Exploit Trends Driving Attacks Today

HPE Cyber Risk Report 2016 picks apart infection stats from the past year.

As cybercriminals increasingly monetize their malware efforts, enterprise defenders need to recognize that the application layer has become the biggest battlefield in today's IT risk management model.

So says the HPE Cyber Risk Report 2016, released today by Hewlett Packard Enterprise (HPE) today, which highlights a number of key statistics in last year's attack patterns.

"We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth," says Sue Barsamian, senior vice president and general manager of HPE security products.

Among the findings in the report, a number of malware trends and exploit tendancies exhibited by attackers in 2015 bubbled to the surface. Here are some of the likely trends to continue plaguing defenders in the coming year:

1. Banking Trojans Take Advantage of Office

The report showed that more than 100,000 examples of banking Trojans were found in 2015. Among the most prevalent, Zbot/Zeus and Dridex continue to reign supreme. These banking malware applications are feeding off of Microsoft Office vulnerabilities and the resurgence of the Office Macro, says the report.

"While many users
 have learned not to run programs from unknown sources, they are still likely to open documents," the report warned, explaining that macros make exploitation much easier on this front. "Finding and exploiting zero-day vulnerabilities in Office applications is not as trivial a task as compared to obfuscating a bit of VBA."

2. iOS Malware Becomes More Than A Blip

With 2015 marked as the first year that apps within the walled garden of the Apple App Store were compromised, signs are starting to show that iOS is likely to be increasingly targeted as time goes on.

"Although the total number of iOS malicious apps is very low compared to all other popular malware platforms, the growth rate (235%) makes it one to watch in 2016," the report says, comparing that to Android's growth rate of 153%.

Nevertheless, Android will still dominate mobile malware for a long time. According to the report, 10,000 new Android threats are discovered every day.

3. PHP Exploit Growth Dwarfs All Others

PHP is fast becoming a favorite exploit vehicle for cybercriminals. Its growth outstripped that of nearly every other type platform by at four times the rate of second-fastest growing type, iOS. HPE pointed to figures from ReversingLabs that showed PHP malware samples increased by 752% in 2015. Compare that to Windows-targeted malware, with an 88% growth rate and it is clear that PHP neads some scrutiny. According to HPE, a lot of this can be attributed to remote shell tools exposed through Web-based user interfaces.

4. Flash Keeps Criminals Flush With Victims         

Adobe Flash is like a cybercriminal ATM machine at this point, as crooks have learned that they can exploit it to their heart's content. Among the Top 20 vulnerabilities most commonly targeted by malware last year, half of them were Adobe Flash vulnerabilities.  

"The most commonly encountered Flash samples include two discovered after the Hacking Team breach (CVE-2015-5119 and CVE- 2015-5122 ), and a third (CVE-2015-0311) found in the Angler exploit toolkit," the report noted.

5. Old Vulns Are The Best Vulns

Tried and true, old vulnerabilities keep coming up as a reliable means of exploiting the masses. Among the top 10 exploited vulnerabilities, all of them are more than a year old. And nearly half of them are five or more years old. In fact, in 2015, 29% of all successful exploits use a 2010 infection vector that has two different patches available for fixes.

 

Interop 2016 Las VegasFind out more about the latest attacks at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Paul__Walsh
50%
50%
Paul__Walsh,
User Rank: Apprentice
2/18/2016 | 3:10:42 PM
Malicious links
Don't forget that most apps have a WebView to display web content - it doesn't come with the same security as browsers so there's no checking to see if links are legit or malicious. In most cases you can't even see the URL.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.