2H 2012 Threat Report: A closer look at the cybersecurity landscape
by Mikko Hypponen, Chief Research Officer, F-Secure
Today, the most common way of getting hit by malware is by browsing the Web. It hasn’t always been this way. Years ago, floppy disks were the main malware vector. Then sharing of executable files. Then e-mail attachments. But for the past five years, the Web has been the main source of malware.
The Web is the problem largely because of Exploit Kits. Kits such as BlackHole, Cool Exploit, Eleanore, Incognito, Yes or Crimepack automate the process of infecting computers via exploits.
There is no exploit without a vulnerability. Ultimately, vulnerabilities are just bugs, that is, programming errors. We have bugs because programs are written by human beings, and human beings make mistakes. Software bugs have been a problem for as longs as we have had programmable computers—and they are not going to disappear.
Bugs were not very critical until access to the Internet became widespread. Before, you could have been working on a word processor and opening a corrupted document file, and as a result, your word processor would have crashed. Even if annoying, such a crash would not have been too big of a deal. You might have lost any unsaved work in open documents, but that would have been it.
However, things changed as soon as the Internet entered the picture. Suddenly, bugs that used to be just a nuisance could be used to take over your computer. Yet, even the most serious vulnerabilities are worthless for the attacker, if they get patched. Therefore, the most valuable exploits are targeting vulnerabilities that are not known to the vendor behind the exploited product. This means that the vendor cannot fix the bug and issue a security patch to close the hole.
If a security patch is available and the vulnerability starts to get exploited by the attackers five days after the patch came out, the users have had five days to react. If there is no patch available, the users have no time at all to secure themselves; literally, zero days. This is where the term ‘Zero Day Vulnerability’ comes from: users are vulnerable, even if they have applied all possible patches.
One of the key security mechanisms continues to be patching. Make sure all your systems are always fully up-to-date. This drastically reduces the risk of getting infected. But for Zero Day vulnerabilities, there are no patches available. However, antivirus products can help against even them. We’re in a constant race against the attackers. And this race isn’t going to be over any time soon.
In our latest 2H 2012 Threat Report, we take a look at the threat landscape, offering context around the threats found during the past six months. There are three things that visibly stand out in this past half year: botnets (with special reference to ZeroAcess), exploits (particularly against the Java development platform) and banking trojans (Zeus).
In terms of online security, we looked at the more ambiguous side of the ever-growing popularity of website hosting, and how its increasingly affordable and user-friendly nature also makes it well suited to supporting malware hosting and malvertising.
We also share our thoughts coordinated attack campaigns launched against multiple platforms (both desktop and mobile), often with multiple malware.
And finally on the mobile scene, Android and Symbian platforms continue to be the main focus of threats for all new mobile malware variants identified in 2012.
The full report, for our Cyber Defense Magazine readers and subscribers, is available here.
(Sources: CDM and F-Secure)
;
We are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.