Targeted attacks have grown more sophisticated, with evidence that cybercriminals are pursuing not only commercial organizations, but also government and infrastructure targets. Moreover, with the growing use of fraudulent and/or stolen digital certificates, these attacks have become more successful and evasive.
The exploit kit market has shifted dramatically toward the Blackhole exploit kit, which has the capability to update frequently and rapidly to take advantage of application vulnerabilities.
Even though spam volumes dropped precipitously, a larger share of the spam that remains carries malicious links or attachments.
There has been a significant increase in fraud and malware proliferation using social networks as a conduit.
While targeted attacks are not new, the sharp growth in incidents during the second half of 2011 is real cause for concern, not just for companies but for entire countries.
According to the report, targeted attacks became sophisticated and pursued a wider range of organizations, including commercial, national critical infrastructure and military targets.
One of the new attack vectors researchers identified is the use of fraudulent digital certificates. The report indicates the DigiNotar intrusion resulted in the “fraudulent issuance of hundreds of digital certificates for a number of domains, including Google, Yahoo!, Facebook, and even for some intelligence agencies, such as the CIA, the British MI6 and the Israeli Mossad.”
M86 Security stresses that organizations must plan and deploy a multi-layered security policy to minimize risks of a successful targeted attack. The exploits monitored during the second half of the year targeted a variety of products, including Microsoft Internet Explorer, Oracle Java, Microsoft Office products and, quite commonly, Adobe Reader and Adobe Flash.
What’s really astonishing is that some of the top vulnerabilities that criminals continue to exploit have not only been known for years, but fixes have also been available for years. For example, M86 found that the most exploited Web-based vulnerability is the Microsoft Internet Explorer RDS ActiveX flaw (the MDAC RDS.DataSpace bug addressed by MS06-014, CVE-2006-0003), which was both discovered and patched in 2006. Here we are, six years later, and this vulnerability still appears in 17.7% of the pages containing Web exploits observed by the M86 Secure Web Gateway.
The M86 report states the obvious: “Many users and organizations do not patch all their installed software in a timely manner, and attackers leverage this weakness to their advantage.”
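A practical check that follows from this point, added here as an example and not taken from the M86 report or the article: on a Windows host, confirm whether Internet Explorer's kill bit is set for the RDS.DataSpace ActiveX control, the MDAC component behind the "Internet Explorer RDS ActiveX" exploit. It reads the documented `ActiveX Compatibility` registry keys (including the `Wow6432Node` path used by 32-bit IE on 64-bit Windows) and reports whether bit 0x400, the kill bit, is present; a second function sets it. The CLSID is the well-known RDS.DataSpace class identifier and the function names are this example's own; verify the CLSID against the vendor bulletin before relying on it, and note that setting the kill bit is a mitigation that complements, rather than replaces, installing the MDAC patch.

```powershell
# Added example (not from the M86 report or the article): check and, if needed,
# set the IE kill bit for the RDS.DataSpace ActiveX control (MS06-014 / CVE-2006-0003).
# Assumptions: the CLSID below is the RDS.DataSpace identifier; run elevated to set the bit.

$KillBitFlag = 0x400   # "Compatibility Flags" bit that blocks a control from loading in IE

function Get-ActiveXCompatPaths {
    param([Parameter(Mandatory)][string]$Clsid)
    @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
}

function Test-ActiveXKillBit {
    # Returns one object per registry path showing the raw flags and whether the kill bit is set.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-ActiveXCompatPaths -Clsid $Clsid) {
        $flags = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Clsid   = $Clsid
            Path    = $path
            Flags   = if ($null -eq $flags) { '(absent)' } else { '0x{0:X}' -f $flags }
            KillBit = ($null -ne $flags) -and (($flags -band $KillBitFlag) -ne 0)
        }
    }
}

function Set-ActiveXKillBit {
    # Sets the kill bit on every path, preserving any other compatibility flags already present.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-ActiveXCompatPaths -Clsid $Clsid) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $current = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ($current -bor $KillBitFlag) -Type DWord
    }
}

# RDS.DataSpace CLSID (assumed; confirm against the vendor bulletin)
$RdsDataSpaceClsid = '{BD96C556-65A3-11D0-983A-00C04FC29E36}'

$status = Test-ActiveXKillBit -Clsid $RdsDataSpaceClsid
$status | Format-Table -AutoSize

if ($status | Where-Object { -not $_.KillBit }) {
    Write-Warning "Kill bit missing for $RdsDataSpaceClsid on at least one path; run Set-ActiveXKillBit -Clsid $RdsDataSpaceClsid (elevated) and install the MDAC update."
}
```

Run the script as-is for a read-only report; the `Set-ActiveXKillBit` call is left to the operator because it changes HKLM and needs an elevated session. The same two functions work for any other CLSID a vendor bulletin tells you to kill-bit.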
The report also indicates that exploits shifted focus from malicious attachments to malicious links that led to exploit kits, in particular, the Blackhole exploit kit.
There’s good news and bad news in the spam observations. The good news is that overall spam volume fell sharply; the bad news is that the remainder became more dangerous: by the end of 2011, 5% to 10% of all spam contained links or attachments that redirected users to malicious or compromised sites delivering a malware payload.
A troubling trend is cybercriminals exploiting the popularity of social media and the apparent blind trust of the users by duping them with fake (and infected) notification messages to “Friend Me” on Facebook or inviting them to join a LinkedIn network. For instance, a campaign last August led people to a fake Facebook login page and ultimately to the Blackhole exploit kit and a Zbot Trojan.
Source: http://www.networkworld.com/newsletters/techexec/2012/021012bestpractices.html