More than 50 percent of malicious advertising (malvertising) is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months, and the growth of ransomware families has doubled each year since 2013, according to Bromium’s latest exploitation trends report.
More than 58 percent of online advertisements with hidden malware were delivered through news websites (32 percent) and entertainment websites (26 percent); notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.
“Malvertising is a tough challenge for both enterprises and Internet users, primarily because attackers are injecting malicious ads on legitimate popular websites,” Rahul Kashyap, chief security architect and senior vice president of security and solutions engineering at Bromium, told eWEEK. “In the past, ad-blocking technologies have been used to block online advertisements altogether, but with increasing proliferation of online advertising, it’s important for online advertisers to step up their game and improve the integrity of online ads, the responsibility needs to be shared.”
During the first six months of 2015, Flash experienced eight exploits, an increase of 60 percent since 2014, when there were five exploits.
Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.
Kashyap noted the emergence of HTML5 and frequent exploitation used for several malware campaigns is likely to challenge the future of Flash.
In the first six months of 2015, nine new ransomware families emerged, including CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX.
This represents an 80 percent increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families, Cryptolocker and Crytowall.
“In the first six months of 2015, malware authors focused on Flash and browser exploits to infect victims, but attackers are continuing to recalibrate attack vectors and tactics,” Kashyap said. “The common denominator continues to be the targeting of end users with the ‘classic’ spear phishing emails or drive-by downloads. It’s unlikely this infection ‘strategy’ is going to dramatically change, and we can definitely expect more evasive malware.”
He also noted that in many cases, zero day exploits are not needed to launch malware as enterprises are slow to adopt and they have operational challenges in taking new codebase, and cyber criminals thrive on this.
“To sum it up –expect more of the same. It’s working quite well from the attackers’ viewpoint,” he said.
