Business not keeping up with rapid changes in cyber attacks, says Proofpoint

By Warwick Ashford at

Most striking development in the first half of 2015 was a big shift from URL-based cyber attacks to attacks that rely on malicious document attachments

Business is struggling to keep up with rapid changes in techniques by cyber criminals as they switch to increasingly malicious campaigns, the latest threat report from security firm Proofpoint reveals.

In addition to the usual parade of new patched vulnerabilities and zero-day exploits, the first half of 2015 saw rapid changes in the exploit kit landscape, according to the Threat Report for June 2015.

The Angler exploit kit and others added zero-day exploits, demonstrating the increasing sophistication and value-add of exploit kits as part of a cyber crime infrastructure.

As predicted, Proofpoint said there had been increased targeting of personally identifiable information (PII) and a rise in use of malvertising and ransomware in the first half of 2015.

Social media threats and legislation have yet to make the same impact in 2015, but the report said trends in social media activity show that threat actors and legislators alike are discovering this vector and will focus more on it in the second half of 2015.

According to the report, there were four main trends in the first half of the year:

  • Shift to attachment-based campaigns.
  • Change in phishing techniques to target business users.
  • Social media increasing as a source of brand and compliance risk.
  • Continued decrease in the overall volume of unsolicited messages.

Shift to attachment-based campaigns

According to the report, the most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014 to campaigns that rely on malicious document attachments to deliver malware payloads.

Malicious attachments have dominated the 2015 campaigns to date, driven by the huge volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.

First emerging in late October 2014, this trend was in full force by the beginning of 2015, representing a major change in the threat landscape and demonstrating cyber criminals’ ability to switch rapidly to new tactics and techniques to stay ahead of evolving defences.

The attachments were mainly Microsoft Word documents bearing malicious macros that required user interaction in order to execute.

By combining a variety of obfuscation techniques with document templates that entice the end-user to enable the malicious macro, these campaigns applied social engineering to high-volume threats that were very successful at avoiding detection by antivirus systems.
