According to Bromium’s Endpoint Exploitation Trends 2015 [PDF] report, vulnerabilities discovered in popular software, including Internet Explorer, Firefox, Chrome, Flash, Java and Microsoft Office increased by nearly 60 percent last year, from 733 in 2014 to 1,167 in 2015.
“This could be explained by different factorrs, such as better security testing, shorter release cycles and the development of new analysis approaches,” the report states.
Similarly, exploits increased by almost 40 percent, from 10 in 2014 to 14 in 2015. Adobe Flash exploits in particular increased by 200 percent, from four in 2014 to 12 in 2015.
“Attackers focus on high-value targets with the path of least resistance, which means that attack vectors may shift as previously vulnerable software implements new security to mitigate attacks,” Bromium chief security architect Rahul Kashyap said in a statement. “We have seen Microsoft take great steps to improve the security of Internet Explorer and Windows, which has forced attackers to focus on Flash exploits, malvertising and macro malware delivered through phishing emails.”
The report also notes that the number of ransomware families has increased by 600 percent since 2013, from two in 2013 to 12 in 2015. “All the crypto-ransomware we encountered in 2015 was distributed either by drive-by-download attacks or by macro malware in spam emails,” the report notes.
Bromium’s threat sensors found that at least 27 percent of websites in the Alexa 1000 delivered malware via malicious advertisements. “Until the advertising industry takes more proactive steps to curb these attacks, expect this trend to continue,” the report states.
Separately, Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Report for Q4 2015 found that the number of observed viruses and worms surged by 236 percent in the fourth quarter of last year, while reconnaissance activity dropped by more than 77 over the previous quarter.
“This supports the overall trend identified in Q3 ’15 as attacks moved from reconnaissance to increased attacks and, in Q4 ’15, to increased infections,” the report states.
Looking ahead to the coming year, the report anticipates that Android security will become an increasing concern. “Look for Android malware to become more complex and evasive in order to circumvent traditional security measures,” the report states.
“Additionally, expect to see the use of Android devices in botnets,” the report adds. “Just like more traditional desktop hosts, bots perform more effectively in greater numbers, and a mobile, self-contained, battery-powered device presents a very attractive target.”