Ransomware usage explodes, as app, browser and plug-in vulnerabilities increase

Bromium conducted research on cyber attacks and threats affecting enterprise security over the last six months. The good news is while the number of vulnerabilities is steadily increasing, not all exploitable vulnerabilities are actually exploited. The bad news is, criminals are working harder to get protected data. As a result, there’s been an uptick in recent high-profile data breaches and ransomware attacks.

Vulnerabilities are on the rise, with 516 reported to the National Vulnerability Database in the first six months of 2016, compared to 403 vulnerabilities reported in all of 2015. Despite the spike in vulnerabilities, researchers found fewer exploitable vulnerabilities in popular software systems, including:

• Adobe PDF (0 exploits)
• Chrome (0 exploits)
• Internet Explorer (2 exploits)
• Firefox (0 exploits)
• Java (0 exploits)
• Microsoft Office (2 exploits)
• Silverlight (1 exploit) than in previous years.

Bromium credits this to software vendors’ growing attention to security.

The most notable exception for increasing exploits remains Adobe Flash, which had 31 exploits in the first half of 2016 – up from eight exploits in all of 2015 – a 74 percent increase. While some security vendors block Flash or have dropped support, Flash remains popular among end users and remains one of the top targets for criminals.

Neutrino and Rig are the most used exploit kits. Angler and Nuclear kits were on the list but disappeared in the first week of June. Industry experts believe crackdowns on cybercrime groups caused attackers to switch to Neutrino and Rig to keep malware campaigns going. Researchers note this is likely, referencing a similar case in 2013 when the author of Black Hole (at the time the most used exploit kit) was arrested and attackers pivoted to Angler. Bromium maintains that, despite crackdowns, attackers will continue to switch to other kits to keep attack campaigns running.

The Bromium analysis confirms there’s a gold rush of ransomware happening now. Since the beginning of 2016, dozens of new ransomware families have been released into the wild. The current market leader is Locky, with 755 tracked instances infecting removable drives and RAM disks.

“As an industry, we’ve always said there’s no one silver bullet to address the complexities of attacks that are affecting our business. However, our latest research shows that enterprises and vendors alike are stepping up to do a better at securing their networks and data,” said Rahul Kashyap, EVP and chief security architect of Bromium. “But there’s still work to be done. Old attack tactics like phishing and watering holes persist, and new attack techniques are always emerging. Automated attacks are consistently bypassing anti-virus solutions; and malware is morphing every new instance in a network to bypass and therefore render AV useless.”

“Over the course of the next year, I expect attackers will continue to leverage social engineering tactics to exploit users. What’s abundantly clear from our report is that the need to implement instant protection, detection and remediation is more critical than ever,” added Kashyap.