For security pros fighting to stay ahead of the endlessly evolving array of threats facing their companies, several new studies highlight trends in the shifting threat landscape, including a need for next-generation endpoint protection and a shift from exploits targeting Adobe Flash vulnerabilities to attacks that leverage Microsoft flaws.
A recent SentinelOne survey of 500 enterprise security professionals found that 53 percent of U.S. organizations that were recently infected with ransomware blamed their legacy anti-virus solutions for failing to prevent the attack — and almost 7 out of 10 of those have since replaced that legacy anti-virus with next-generation endpoint protection.
When asked to identify the leading factor in successful ransomware attacks, the top three responses were employee carelessness (56 percent), failed legacy anti-virus protection (53 percent) and untimely responses (33 percent).
Still, 96 percent of respondents who were infected with ransomware said they’re confident they can prevent future attacks — and 68 percent of those respondents attribute that confidence to having replaced legacy anti-virus with next-generation endpoint protection.
Fifty-two percent of respondents said they’ve lost faith in traditional anti-virus.
“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization,” SentinelOne vice president of products Raj Rajamani said in a statement. “Paying the ransom isn’t a solution either — attackers are treating paying companies like an ATM, repeating attacks once payment is made.”
Seventy-three percent of U.S. organizations that paid a ransom in response to a ransomware attack were targeted and attacked again. The average ransom paid by U.S. companies was $57,088, and the average estimated business cost of a ransomware attack exceeded $900,000.
WatchGuard Technologies’ Internet Security Report for Q4 2017 similarly found that total malware attacks were up 33 percent worldwide in the fourth quarter of last year, and 46 percent of those threats were “zero-day” malware that wouldn’t have been caught by legacy signature-based anti-virus solutions.
A separate Recorded Future study found that while Adobe Flash accounted for six of the top 10 vulnerabilities used by cybercriminals in 2016, that shifted significantly over the past year — in 2017, the report states, seven of the top 10 vulnerabilities leveraged Microsoft products instead.
“This comes as cryptocurrency mining malware popularity rose in the past year,” the report states. “Profiting from cryptocurrency mining has its advantages, including less time spent on collecting victim ransomware payments and the avoidance of rising Bitcoin transaction fees.”
The shift away from Flash vulnerabilities is also, logically enough, likely attributable to the decreasing popularity of Flash. “With Google Chrome usage now nearing 60 percent globally, browsers whose default is ‘click to play’ have taken hold,” the report notes. “This secure feature limits the impact of many Adobe Flash Player vulnerabilities used by cybercriminals.”
The most commonly observed vulnerability in 2017 was CVE-2017-0199, a flaw in Microsoft Office that was widely adopted in phishing attacks. Three vulnerabilities remained on the list from 2016 to 2017 — one of them, the top exploited vulnerability in 2016, CVE-2016-0189 in Microsoft Internet Explorer, came in second in 2017.
2017 also saw a 62 percent decline in development for exploit kits, from 26 new kits in 2016 to just 10 in 2017. “The drop in overall exploit kit references overlaps with the rapid decline of Flash Player usage,” the report states. “Flash Player exploits, the most popular in-roads for exploit kits in 2015 and 2016, had been plentiful and well packaged due to leaks, including those found in the Hacking Team’s exploit library.”