Solutionary Security Engineering Research Team (SERT) Q4 Threat Report Shows DDoS Attacks Decreased, Web Authentication Security and Malware Attacks Increased
OMAHA, NE--(Marketwire - Jan 22, 2013) - Solutionary, the leading pure-play managed security services provider (MSSP), announced today that its Security Engineering Research Team (SERT) has released its Q4 SERT Quarterly Threat Report. The report examines the threat landscape for the last quarter of 2012 and focuses specifically on exploit kits and malware trends. Research revealed that 58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old, that 70 percent of exploit kits reviewed were released or developed in Russia, and that there was a reduced volume of Distributed Denial of Service (DDoS) attack-related activity and a slight increase in Web application and malware security incidences.
"The fact that cyber criminals are able to penetrate network defenses by targeting aging vulnerabilities and using old techniques demonstrates that many organizations are still playing catch-up when it comes to cyber security. Tight budgets, inability to convince stakeholders at all levels that security should be a priority, and a shortage of research resources could be among the reasons why many security and risk teams are continuing to operate in reactive mode," said Rob Kraus, SERT director of research. "By partnering with us, our customers are able to cost-effectively leverage our research and security expertise to drive security into the corporate priority stack, significantly strengthen their cyber defenses, and stay a step ahead of existing and emerging threats."
In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities exploited are over two years old further supports SERT findings that the number of newly discovered and disclosed vulnerabilities has declined since 2010. The Q4 report also revealed that BlackHole 2.0 was the most often-used exploit kit; that Phoenix 3.1 supports the most vulnerabilities, approximately 9 percent; and that a large number of exploit kits have been developed and distributed in Eastern Europe, with 70 percent coming from Russia, followed by China and Brazil.
While DDoS attacks surprisingly decreased during Q4, SERT found that Web application and malware security incidences increased 8 percent. This signals that cyber criminals seem to be shifting from attacking retail sites to directly targeting consumers with social-engineering attacks, using subjects such as Hurricane Sandy to grab attention. SERT research also revealed that anti-virus and anti-malware software cannot detect 67 percent of malware being distributed and that 30 percent of the malware samples studied traced back to JavaScript malware variants used for redirection, obfuscation and encryption, all used in the BlackHole exploit kit. Furthermore, the Q4 report showed that 18 percent of the malware samples studied by SERT were directly attributed to BlackHole.
"Exploit kits largely focus on targeting end-user applications," said Kraus. "As a result, it is vital that organizations pay close attention to patch management and endpoint security controls in order to significantly decrease the likelihood of compromise."
Key Findings
- There was a 15 percent decrease in the volume of authentication security, DDoS and reconnaissance incidences as observed through the Solutionary ActiveGuard® MSSP platform.
- 58 percent of the vulnerabilities targeted by the well-known exploit kits reviewed are more than two years old, based on visibility into publicly available exploit kits and qualitative analysis.
- Nearly 70 percent of the exploit kits reviewed were released or developed in Russia.
- BlackHole 2.0 is the most often used exploit kit, but targets fewer vulnerabilities than other kits
- Phoenix 3.1 supports roughly 9 percent of all vulnerabilities being exploited.
- 67 percent of malware is not detected by anti-virus or anti-malware software.
- 18 percent of the malware samples reviewed by SERT were directly attributed to BlackHole.
To access a copy of the complete report, please visit: http://www.solutionary.com/index/SERT/Quarterly-Threat-Reports/Q4-2012/index.php.
Visit our blog at http://blog.solutionary.com/.
Follow us on Twitter.
Visit our blog at http://blog.solutionary.com/.
Follow us on Twitter.
About SolutionarySolutionary is the leading pure-play managed security services provider. Solutionary reduces the information security and compliance burden, delivering flexible managed security services that align with client goals, enhancing organizations' existing security program, infrastructure and personnel. The company's services are based on experienced security professionals, global threat intelligence from the Solutionary Security Engineering Research Team (SERT) and the patented, cloud-based ActiveGuard® service platform. Solutionary works as an extension of clients' internal teams, providing industry-leading customer service, patented technology, thought leadership, years of innovation and proprietary certifications that exceed industry standards. This client focus and dedication to customer service enables Solutionary to boast one of the highest client retention rates in the industry. Solutionary provides 24/7 services to mid-market and global enterprise clients through multiple security operations centers (SOCs) in North America. For more information, visit www.solutionary.com.