3/22/2018 03:25 PM
Dark Reading
Products and Releases

Cofense Malware Review Covers Trends and Predictions on Malware, Delivery Methods and Trending Attacks

Abuse of legitimate software, rapid exploitation of disclosed vulnerabilities and dynamic phishing techniques increase infection rates, according to the report

LEESBURG, VA. – March 22, 2018 – Cofense™, formerly known as PhishMe®, today announced the release of the 2018 Cofense Malware Review, A Look Back and a Look Forward, detailing the trends that defined malware attacks in 2017 and the emerging trends for network defenders to prioritize in 2018.

While a couple of high-profile breaches stole the spotlight in 2017, Cofense’s global security team uncovered a number of less visible evolutions that dramatically changed the threat landscape and continue to pose threats. Malicious actors demonstrated how quickly they could exploit recently disclosed vulnerabilities, how readily they changed the way they use or modify malware, and how swiftly they could profit from new attack surfaces, including the proliferation of cryptocurrencies and enterprises’ moves to cloud platforms.

Based on the analysis of millions of messages received daily from a wide range of sources, the report details notable insights on phishing-specific threats seen in 2017 and what is to come, including:

  • The proliferation of cryptominers. 2017 saw the rise of cryptominers infiltrating computers via phishing emails and recruiting victims’ computers into cryptomining botnets. The compromised computers mine cryptocurrency for the threat actors while degrading the performance of the infected machines.
  • Surge in abuse of business-critical platform features. Office macro scripting led Office-based attacks (almost 600 campaigns analyzed). Attackers also turned Windows interoperability features to malicious use: Cofense analyzed nearly a hundred campaigns that abused Microsoft Office Object Linking and Embedding (OLE).
  • Massive number of new ransomware campaigns. While 2016’s Locky and Cerber ransomware continued to hold encrypted files hostage in 2017, several prominent new ransomware families also emerged in major phishing campaigns. In fact, five of the top ten new malware families seen in phishing email were ransomware, demonstrating ransomware operators’ drive to evolve and survive. Many attackers require bitcoin as the preferred method of ransom payment, going as far as providing the victim step-by-step payment instructions for their cryptocurrency of choice.
  • The opportunism of disclosure. Threat actors quickly took advantage of disclosed or leaked vulnerabilities. Just a week after a security researcher publicly disclosed the Microsoft Office Dynamic Data Exchange (DDE) abuse technique, Cofense observed it in use across various malware delivery campaigns.
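The three Office feature abuses named in the bullets above (VBA macros, embedded OLE objects, DDE fields) all leave artifacts inside the .docx zip container that a mail gateway or triage script can check before a user ever clicks "Yes" on the DDE prompt. The Python scanner below is an added example, not code from the Cofense report; the part names, regular expressions and sample documents are the author's own assumptions and constructions, not files from any real campaign. It reassembles field codes that are split across several runs, which phishing documents did to defeat naive string matching, and folds nested fields (such as a QUOTE field wrapped around a DDE command) into their parent. Microsoft's December 2017 advisory ADV170021 turned DDE off by default in Word, but a DDE field arriving in inbound mail is still a strong phishing signal worth flagging.

```python
"""Triage scanner for Office Open XML (.docx) files: flags VBA macros,
embedded OLE objects and DDE fields. Added example, not Cofense's code;
part names and detection rules are the author's assumptions."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
# DDE or DDEAUTO as the field keyword, after whitespace normalisation.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)
# Parts whose field codes Word evaluates when the document is opened.
FIELD_PARTS_RE = re.compile(r"^word/(document|header\d*|footer\d*)\.xml$")


def field_instructions(part_xml: bytes):
    """Yield the complete instruction string of every field in one XML part.

    Simple fields keep the code in w:fldSimple/@w:instr. Complex fields spread
    it over several w:instrText runs between fldChar begin and fldChar end and
    may nest, so pieces are joined per field and an inner field's text is
    folded into its parent. Grepping run by run misses a split keyword.
    """
    root = ET.fromstring(part_xml)
    for simple in root.iter(W + "fldSimple"):
        yield simple.get(W + "instr", "")
    stack = []  # one text buffer per open complex field, innermost last
    for elem in root.iter():  # depth-first == document order
        if elem.tag == W + "fldChar":
            kind = elem.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif kind == "end" and stack:
                text = "".join(stack.pop())
                yield text
                if stack:
                    stack[-1].append(text)
        elif elem.tag == W + "instrText" and stack:
            stack[-1].append(elem.text or "")


def scan_docx(data: bytes) -> dict:
    """Return findings for one .docx supplied as bytes."""
    findings = {"vba_macro": False, "ole_objects": [], "dde_fields": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # A macro-enabled document carries the compiled VBA project as a part.
        findings["vba_macro"] = any(
            n.lower().endswith("vbaproject.bin") for n in names)
        # Embedded OLE packages (Packager objects, scripts, ...) live here.
        findings["ole_objects"] = [n for n in names
                                   if n.startswith("word/embeddings/")]
        for part in names:
            if not FIELD_PARTS_RE.match(part):
                continue
            for instr in field_instructions(zf.read(part)):
                norm = " ".join(instr.split())
                if DDE_RE.search(norm):
                    findings["dde_fields"].append(norm)
    return findings


def build_sample_docx(body_xml, with_macro=False, with_ole=False) -> bytes:
    """Constructed minimal .docx container for the demo (not from any real
    campaign). Only the parts the scanner inspects are written."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>'
           % (W_NS, body_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", doc)
        if with_macro:  # OLE2 magic bytes stand in for a real VBA project
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")
        if with_ole:
            zf.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0")
    return buf.getvalue()


# Constructed sample: a DDEAUTO field whose keyword is split across runs.
# The target command only echoes a marker; it is a placeholder, not a payload.
DDE_BODY = (
    '<w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO c:\\Windows\\System32\\cmd.exe '
    '</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">"/c echo dde-test"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Click Yes to update the linked data</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p>'
)
CLEAN_BODY = '<w:p><w:r><w:t>Quarterly figures attached.</w:t></w:r></w:p>'

if __name__ == "__main__":
    print(scan_docx(build_sample_docx(DDE_BODY)))
    print(scan_docx(build_sample_docx(CLEAN_BODY, with_macro=True, with_ole=True)))
```

On a real attachment call `scan_docx(open(path, "rb").read())`; macro-enabled files usually arrive as .docm, but the check is on the zip contents, not the extension. The scanner only notes that a VBA project is present; deobfuscating the macro itself is a job for a dedicated tool such as oletools' olevba.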

“Understanding what vulnerabilities malicious attackers took advantage of yesterday is critical when preparing for the threats of tomorrow,” said Aaron Higbee, Co-Founder and CTO at Cofense. “As delivery methods evolve daily and malware innovations accelerate, timely attack intelligence is critical and must extend across organizations. Now is the time for every inbox to be a sensor and every employee to be a security evangelist that can trigger organization-wide security orchestration to break the attack kill chain at delivery.”

Looking ahead, the report finds that ransomware attacks will continue to develop, including more ransomware operators engaging in negotiations and greater diversity in the cryptocurrencies demanded. The financial success of ransomware campaigns proves that crime does pay for malicious actors looking for fast profitability. The report also predicts that cloud services will grow as an attack surface and that malware delivery techniques will continue to become more sophisticated.

To learn more, you can download the full report here: https://cofense.com/malware-review-2018/

About Cofense

Cofense, formerly known as PhishMe, is the leading provider of human-driven phishing defense solutions worldwide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement against active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in the defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.
