March 10, 2016 |

Are Exploit Kits Doomed? New F-Secure Threat Report Says Yes

The 2015 Threat Report predicts the end of Flash exploits and discusses the re-emergence of macro malware, among other global trends and events from 2015.

Exploit kits face a disruptive future, according to F-Secure’s new Threat Report for 2015. The report, released today, details the trends and events in global cyber threats that hit consumers and companies last year.

Prominent on last year’s malware scene were the Angler and Nuclear exploit kits, both of which, like the other top exploit kits, mostly took advantage of vulnerabilities in Flash to do their dirty work. But Sean Sullivan, Security Advisor in F-Secure Labs, predicts in the report that Google Chrome will kill Flash support in early 2017, and Mozilla Firefox and Microsoft Edge will follow. Sullivan predicts that by spring of 2017, Flash will no longer bear fruit for exploit kit makers.

Exploits, which have become one of the most common vehicles for malware in the past decade, need out-of-date software in order to accomplish their goal of getting through security holes. But that software, Sullivan says, will be harder and harder to find. For example, with HTML 5’s capability to “do it all”, the need for third party browser plugins has mostly been eliminated. And today’s browsers themselves are auto-updated, without the need for the user to intervene, so users always have the latest version.

Other programs don’t offer much fruit. Microsoft’s software is much more secure than it used to be, and patches roll out very quickly. Adobe’s other software is more and more cloud based, rather than being local on people’s machines. And browser developers have forced Java into a restricted place. So what will happen to exploit kits if there’s no new fruit?

“Hopefully, they die,” Sullivan says. “Wouldn’t be the first time that a business model collapsed in the malware scene. Or they may focus on browsers, but then they’ll need to find zero day vulnerabilities.”

Macro malware re-appears

As exploit kits face an eventual decline, the report predicts that commoditized malware services will only accelerate their use of email attachment-based malware schemes. One such scheme is macro malware, which re-emerged in 2015 after lying low since the early 2000s.

Malware authors use the macro feature in Office to implant malicious code to documents they email as attachments. With Office 2003, Microsoft changed default settings to no longer run macros automatically, making attacks much more difficult. Today’s macro malware attempts to get around Microsoft’s default settings by displaying text in the open document that claims it is a “protected” document that requires the user to enable macros.

Other Notable Highlights from F-Secure’s 2015 Threat Report:

  • Police-themed ransomware decreased, but crypto-ransomware saw an increase in activity
  • Worms accounted for a greater portion of malware (18%) than the previous year (10%)
  • A look at the Dukes cyber espionage group through their years of employing malware to gather intelligence for the Russian Federation
  • The most notable threats facing different countries and regions
  • The top threats to Windows, Mac and Android operating systems
  • Today’s threats as viewed through the Chain of Compromise, a user-centered model that illustrates how cyber attacks compromise devices and networks
  • The top vulnerabilities used by the top exploit kits in 2015

The full report can be downloaded from F-Secure’s website.

More information:

Threat Report: Malware, the Dukes, and how Systems become Compromised
As Cyber Threats Die, Old Attacks Re-emerge

F-Secure – Switch on freedom

F-Secure has been defending tens of millions of people around the globe from digital threats for over 25 years. Our award-winning products protect people and companies against everything from crimeware to corporate cyberattacks, and are available from over 6000 resellers and 200 operators in more than 40 countries. We’re on a mission to help people connect safely with the world around them, so join the movement and switch on freedom!

Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure

F-Secure media relations
Ulla Toivanen

+358 40 752 0688

Downloads & other Goodies

2015_highlights.png
threat_report_2015.pdf

Latest Press Releases

November 16, 2017

DNS now your First Line of Defense against Cyber Attacks

F-Secure is partnering with the Global Cyber Alliance to step up the fight against malicious URLs with a secure DNS service that companies and individuals can use for free.

October 25, 2017

Study Shows 30% of CEOs Have Been “Pwned,” Passwords Exposed

Email exposure study also shows 81% of the world’s top CEOs have had their personal information exposed in spam lists or leaked marketing databases.

October 3, 2017

F-Secure, University of Helsinki bring back Cyber Security Base

F-Secure and the University of Helsinki re-launch their cyber security MOOC following the success of last year’s offering.

September 27, 2017

F-Secure Makes the Best Protection Better with New Version of Flagship Endpoint Security Suite

F-Secure’s new Protection Service for Business features upgraded behavior-based blocking for Windows and Macs to give companies the protection they need from modern threats.

%d bloggers like this: