As cybercriminals increasingly monetize their malware efforts, enterprise defenders need to recognize that the application layer has become the biggest battlefield in today's IT risk management model.
So says the HPE Cyber Risk Report 2016, released today by Hewlett Packard Enterprise (HPE) today, which highlights a number of key statistics in last year's attack patterns.
"We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth," says Sue Barsamian, senior vice president and general manager of HPE security products.
Among the findings in the report, a number of malware trends and exploit tendancies exhibited by attackers in 2015 bubbled to the surface. Here are some of the likely trends to continue plaguing defenders in the coming year:
1. Banking Trojans Take Advantage of Office
The report showed that more than 100,000 examples of banking Trojans were found in 2015. Among the most prevalent, Zbot/Zeus and Dridex continue to reign supreme. These banking malware applications are feeding off of Microsoft Office vulnerabilities and the resurgence of the Office Macro, says the report.
"While many users have learned not to run programs from unknown sources, they are still likely to open documents," the report warned, explaining that macros make exploitation much easier on this front. "Finding and exploiting zero-day vulnerabilities in Office applications is not as trivial a task as compared to obfuscating a bit of VBA."
2. iOS Malware Becomes More Than A Blip
With 2015 marked as the first year that apps within the walled garden of the Apple App Store were compromised, signs are starting to show that iOS is likely to be increasingly targeted as time goes on.
"Although the total number of iOS malicious apps is very low compared to all other popular malware platforms, the growth rate (235%) makes it one to watch in 2016," the report says, comparing that to Android's growth rate of 153%.
Nevertheless, Android will still dominate mobile malware for a long time. According to the report, 10,000 new Android threats are discovered every day.
3. PHP Exploit Growth Dwarfs All Others
PHP is fast becoming a favorite exploit vehicle for cybercriminals. Its growth outstripped that of nearly every other type platform by at four times the rate of second-fastest growing type, iOS. HPE pointed to figures from ReversingLabs that showed PHP malware samples increased by 752% in 2015. Compare that to Windows-targeted malware, with an 88% growth rate and it is clear that PHP neads some scrutiny. According to HPE, a lot of this can be attributed to remote shell tools exposed through Web-based user interfaces.
4. Flash Keeps Criminals Flush With Victims
Adobe Flash is like a cybercriminal ATM machine at this point, as crooks have learned that they can exploit it to their heart's content. Among the Top 20 vulnerabilities most commonly targeted by malware last year, half of them were Adobe Flash vulnerabilities.
"The most commonly encountered Flash samples include two discovered after the Hacking Team breach (CVE-2015-5119 and CVE- 2015-5122 ), and a third (CVE-2015-0311) found in the Angler exploit toolkit," the report noted.
5. Old Vulns Are The Best Vulns
Tried and true, old vulnerabilities keep coming up as a reliable means of exploiting the masses. Among the top 10 exploited vulnerabilities, all of them are more than a year old. And nearly half of them are five or more years old. In fact, in 2015, 29% of all successful exploits use a 2010 infection vector that has two different patches available for fixes.