The year 2015 is not over yet, but the rise and fall of vulnerabilities and exploits has already shaken the world and made us believe that "security is a myth, everything is vulnerable". In this article, I will discuss the midyear security report released by Cisco. Yes, Cisco, one of the reputable vendors of the industry, has compiled and presented an outstanding report featuring many important aspects of the industry.
According to the report: "Flash exploits fire up in first half of 2015". For the first five months of 2015, the Common Vulnerabilities and Exposures (CVE) project published 62 vulnerabilities for Adobe Flash Player that resulted in code execution on users' machines.
They added: "Flash exploits are being integrated regularly into the latest versions of widely used exploit kits such as Angler".
Cisco reports that, on average, 40 percent of users who encounter an Angler exploit kit landing page on the web are compromised. This means Angler can identify a known Flash (or other) vulnerability that it can exploit. It then downloads the payload to the user's machine.
Angler: Running in the Shadows
Angler's success in compromising users online can be attributed partly to its simple but well-constructed web landing pages. Cisco researchers suggest that the exploit kit's authors may be relying on data science to create computer-generated landing pages that resemble normal webpages and easily dupe users. Malvertising (malicious online advertising) is likely the key driver for a consistent stream of web traffic to these pages. Angler also excels at attempting to evade detection. “Domain shadowing” is one technique its authors have recently employed. Exploit kit authors compromise a domain name registrant's account, and then register a subdomain under the legitimate domain of the compromised user.
In addition to domain shadowing, the Angler exploit kit uses multiple IP addresses to make detection more difficult.
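Defenders can look for this pattern in passive-DNS data. The sketch below is an added example, not taken from Cisco's report or the original article: it flags a registered domain when several never-before-seen subdomains appear on networks that domain has not used before. The seven-day baseline, the /24 grouping, the threshold of three hosts and all records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS observations (day, hostname, A record); not real data.
RECORDS = [
    (1, "www.example.com", "192.0.2.10"),
    (2, "mail.example.com", "192.0.2.11"),
    (3, "www.example.org", "198.51.100.5"),
    (8, "www.example.com", "192.0.2.10"),
    (8, "shop.example.org", "198.51.100.6"),    # new host, but on a familiar network
    (8, "qkzt.example.com", "203.0.113.7"),     # new hosts on unfamiliar networks
    (8, "vbnrw.example.com", "203.0.113.99"),
    (9, "xj2lp.example.com", "198.51.100.200"),
]

def registered_domain(host):
    # Assumption: naive "last two labels"; real data needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def net24(ip):
    # Group addresses by /24 so one hosting range counts as one network.
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def find_shadowing(records, baseline_end, min_new_hosts=3):
    """Return {domain: {new_host: [ips]}} for domains that gain at least
    min_new_hosts new subdomains on /24s unseen during the baseline."""
    known_hosts, known_nets = defaultdict(set), defaultdict(set)
    suspects = defaultdict(lambda: defaultdict(set))
    for day, host, ip in sorted(records):
        dom = registered_domain(host)
        if day <= baseline_end:
            # Baseline period: learn the domain's usual hosts and networks.
            known_hosts[dom].add(host)
            known_nets[dom].add(net24(ip))
        elif host not in known_hosts[dom] and net24(ip) not in known_nets[dom]:
            suspects[dom][host].add(ip)
    return {dom: {h: sorted(ips) for h, ips in sorted(hosts.items())}
            for dom, hosts in suspects.items() if len(hosts) >= min_new_hosts}

if __name__ == "__main__":
    for dom, hosts in find_shadowing(RECORDS, baseline_end=7).items():
        print(dom, hosts)
```

Because the check keys on the parent domain's own history rather than on any single IP address, rotating the subdomains across multiple addresses does not hide the burst of new hostnames.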
1. Exploits of Adobe Flash vulnerabilities are increasing. They are regularly integrated into widely used exploit kits such as Angler and Nuclear.
2. Angler continues to lead the exploit kit market in terms of overall sophistication and effectiveness.
3. Operators of crimeware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.
4. Criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.
5. Some exploit kit authors are incorporating text from Jane Austen's classic novel Sense and Sensibility into web landing pages that host their exploit kits. Antivirus and other security solutions are more likely to categorize these pages as legitimate after “reading” such text.
6. Spam volume is increasing in the United States, China, and the Russian Federation, but remained relatively stable in other regions in the first five months of 2015.
7. The security industry is paying more attention to mitigating vulnerabilities in open-source solutions.
Let's Close this Chapter
The infosec industry is changing rapidly. We need more professionals, systems and processes to implement countermeasures, because our aim is to protect the users. And believe me, users have no idea about this parallel world. Get yourself ready for the next few months and the year after: there will be more vulnerabilities, exploits and malware, and hackers will try to benefit from them, because "security is a myth, vulnerability is the truth".