Cisco: Flash exploits are soaring

Exploit kits are more successful because enterprises don’t patch fast enough


Cisco is reporting that successful exploits of Flash vulnerabilities are soaring, partly because the flaws are rapidly being incorporated into exploit kits and partly because enterprises aren’t patching fast enough, which leaves them open to attack.

In the first five months of 2015, the Common Vulnerabilities and Exposures (CVE) project had reported 62 Adobe Flash Player vulnerabilities that lead to code execution on users’ machines, according to the Cisco 2015 Midyear Security Report.

That exceeds the annual total for any year since 2001. The closest year was 2012, with 57 vulnerabilities, but CVE still has seven months of 2015 left to report.

Cisco says Flash exploits are being rapidly integrated into widely used exploit kits such as Angler and Nuclear. Authors of the Angler and Nuclear kits included exploits of newly published vulnerabilities within days of them being publicly announced, the report says, and Flash upgrades by users lag.

The effectiveness of the exploits in these kits is enhanced by the fact that users are failing to install updates that patch the vulnerabilities in a timely manner, Cisco says. “It appears many users have difficulty staying on top of Adobe Flash updates and perhaps may not even be aware of some upgrades,” the report says.


Beyond jumping quickly on new vulnerabilities, Angler has other features, Cisco says, that boost its effectiveness enough for the report to rank it as the leader in exploit-kit sophistication and effectiveness.

That’s because the kit can identify which weaknesses victim machines have and downloads appropriate malicious payloads to exploit them, Cisco says. Angler’s success rate is 40% against devices that hit one of its landing pages. That compares to just 20% on average for all other exploit kits, the report says.

Angler uses domain shadowing to trick victims. This is the practice of compromising legitimate domain registrants’ accounts and then creating subdomains under those accounts. The subdomains are used to point to Angler servers hosting malicious landing pages.

Cisco says Angler is responsible for 75% of all known subdomain activity of this sort by exploit kit authors since last December. In addition, the actors behind Angler change the IP addresses of their malicious sites many times per day to avoid detection.
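As an added illustration, not taken from the Cisco report or this article, the following Python sketch applies the two domain-shadowing indicators described above to constructed DNS resolver log lines: a registered domain that suddenly sprouts many never-before-seen subdomains, and a hostname whose resolved address changes many times within a day. The log format, hostnames, addresses and thresholds are all assumptions.

```python
"""Defender-side heuristics for the domain-shadowing pattern attributed to Angler.

Two signals over DNS resolver logs (constructed sample data, not real traffic):
  1. a registered domain gaining several never-before-seen subdomains
  2. a hostname whose resolved IP churns several times in one day
"""
from collections import defaultdict

# Constructed sample log lines: "<timestamp> <queried hostname> <resolved IP>"
SAMPLE_LOG = """\
2015-06-01T08:00:01 www.example-news.test 198.51.100.10
2015-06-01T08:05:12 qz7k.example-news.test 203.0.113.5
2015-06-01T09:10:44 a81mv.example-news.test 203.0.113.9
2015-06-01T10:15:03 x3ppl.example-news.test 203.0.113.17
2015-06-01T11:20:19 qz7k.example-news.test 203.0.113.44
2015-06-01T12:25:51 qz7k.example-news.test 203.0.113.71
2015-06-01T13:30:07 qz7k.example-news.test 203.0.113.90
2015-06-01T14:35:26 www.example-news.test 198.51.100.10
2015-06-01T15:40:38 mail.example-shop.test 192.0.2.20
2015-06-01T16:45:55 www.example-shop.test 192.0.2.21
"""

# Hostnames the organisation has seen before (assumed baseline inventory).
KNOWN_HOSTS = {"www.example-news.test", "www.example-shop.test", "mail.example-shop.test"}


def registered_domain(host):
    """Naive registered-domain extraction: last two labels (a real tool would use a public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def parse(log):
    """Yield (date, hostname, ip) tuples from the constructed log format."""
    for line in log.splitlines():
        ts, host, ip = line.split()
        yield ts[:10], host, ip


def find_shadowing(log, known_hosts, new_sub_threshold=3, ip_churn_threshold=3):
    """Return (domains with many new subdomains, hostnames with per-day IP churn), both sorted."""
    new_subs = defaultdict(set)          # registered domain -> unseen subdomains
    ips_per_host_day = defaultdict(set)  # (host, day) -> distinct resolved IPs
    for day, host, ip in parse(log):
        if host not in known_hosts:
            new_subs[registered_domain(host)].add(host)
        ips_per_host_day[(host, day)].add(ip)
    suspicious = sorted(d for d, subs in new_subs.items() if len(subs) >= new_sub_threshold)
    churning = sorted({h for (h, _), ips in ips_per_host_day.items() if len(ips) >= ip_churn_threshold})
    return suspicious, churning


if __name__ == "__main__":
    print(find_shadowing(SAMPLE_LOG, KNOWN_HOSTS))
```

Both signals fire on the constructed data for example-news.test, whose three unseen subdomains and rotating address for qz7k mimic the behaviour the report describes; legitimate domains with stable, known hostnames stay quiet.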

Often the malware they deliver is ransomware, such as Cryptowall, which encrypts victim machines until the victims pay a sum to have them decrypted.

The Cisco report also says these exploit kits deploy Dridex, a banking malware that relies on Microsoft Office vulnerabilities to wage malicious macro attacks. The campaigns typically go undetected long enough to be effective, then cease after antivirus vendors publish signatures for them.

Corporate security pros need to be on the lookout for malware designed to evade detection and also damage the operating systems of the machines it infects if detection efforts become too persistent, the report says. It uses Rombertik as an example of such malware because it performs pointless operations while it is in security sandboxes in an effort to wait out analysis or to delay discovery.

Rombertik attempts to overwrite master boot records and if it fails, will destroy all files in users’ home folders. Should it go undetected, then it starts its primary function, stealing data typed into browsers. “It’s a solid bet other malware authors will not only appropriate Rombertik’s tactics but may make them even more destructive,” the report says.

Sandbox detection in malware is on the rise, making it harder for enterprises to discover it.

The report says spam levels have remained roughly the same, and that coding errors continue to introduce exploitable flaws into software. “Vendors need to place greater emphasis on security within the development lifecycle, or they will continue to spend time and money playing catch-up, patching and reporting vulnerabilities,” the report says.

Java-based exploits are on the decline, with no zero-day exploits being discovered since 2013. Improved patching and security improvements have made the difference, Cisco says.
