Web-based exploits on the decline, but users still slow to patch

Attackers are no longer focusing on Java vulnerabilities and are increasingly looking at other targets, like Silverlight

The number of exploit kits on the Web dramatically decreased last year, but some have become more sophisticated and shifted their focus to software that is less frequently updated.

The end of 2013 was marked by the arrest in Russia of 12 suspected cybercriminals involved in the creation and distribution of Blackhole, the most widely used exploit kit at the time, including the attack tool's main author who used the online alias Paunch.

Exploit kits are malicious Web applications that contain exploits for vulnerabilities in Web browsers and browser plug-ins, like Java, Flash Player, Adobe Reader and Silverlight. Users get redirected from compromised websites or malicious advertisements to exploit kit landing pages, which then check the version of their browser and plug-ins and launch the appropriate exploits. If successful, the exploits install malware on users' computers.

No other exploit kit reached the prevalence of Blackhole after its demise, according to security researchers from Cisco Systems. In fact, the number of unique hits from exploit kits decreased by 88 percent between May and November 2014, they said in the Cisco 2015 Annual Security Report released Tuesday.

"Since [the] takedown of Paunch and Blackhole, more exploit kit users appear to be taking care to invest in kits known to be technically sophisticated in terms of their ability to evade detection," the Cisco researchers said.

One exploit kit called Angler is notable for advances in this area. Since September, the attack tool no longer drops executable files on compromised systems following successful exploitation. Instead, it injects malicious code directly into the browser process, making it harder for antivirus programs to detect the infection.

Another exploit kit-related trend is a decline in their targeting of Java vulnerabilities. Java exploits remain one of the top attack vectors on the Web, but their use has been on a steady decline for over a year, according to Cisco's data. They are now almost on par with Flash Player exploits.

This decrease was likely caused by security improvements made by Oracle and browser vendors. Modern versions of Java do not execute unsigned code without user interaction and have automatic updates. Some browsers also automatically block vulnerable versions of Java.

"Online criminals have discovered easier targets and have turned their attention to non-Java vectors that deliver higher return on investment," the Cisco researchers said. "For example, many users fail to update Adobe Flash and PDF readers or browsers regularly, providing criminals with a wider range of both old and new vulnerabilities to exploit."

Another browser plug-in that many users apparently fail to patch is Microsoft Silverlight. The volume of attacks that exploit vulnerabilities in Silverlight has increased by almost 230 percent since December 2012.

"Silverlight attacks, while still very low in number compared to more established vectors, are on the rise -- especially since August," the Cisco researchers said.

A greater adoption of automatic updates -- especially by organizations, which typically disable such features to prevent possible failures and incompatibility -- would be a solution to the outdated software problem.

However, while some desktop software vendors offer automatic updates, manufacturers of specialized hardware appliances and embedded devices are lagging behind.

The critical Heartbleed vulnerability in OpenSSL that was disclosed in April last year highlighted the difficulties that users have in deploying patches for non-PC software.

Many Web servers and browsers that rely on OpenSSL for secure encrypted communications were patched relatively quickly, but OpenSSL is also used by mobile phones, networking gear, hardware security appliances and a wide variety of other devices that are not easy to update.

"Cisco Security Research used scanning engines to examine devices connected to the Internet and using OpenSSL," the Cisco researchers said in the report. "The team determined that 56 percent of devices surveyed used versions of OpenSSL that were more than 50 months old. This means that despite the publicity given to Heartbleed, the security flaw in the handling of Transport Layer Security (TLS) discovered in 2014, and the urgent need to upgrade to the latest version of OpenSSL software to avoid such vulnerabilities, organizations are failing to ensure that they are running the latest versions."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags patchesCisco Systemssecuritypatch managementExploits / vulnerabilitiesmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?