New technology threats and dangerous trends spring up daily, including numerous incidents threatening endpoint security. Within the past week alone, weaponized Word documents have hit endpoints in Japan, and a recent trend has emerged in which Facebook passwords are stolen, accounts infiltrated and malware spread via multiple pathways without detection.
Responding to the need for improved endpoint security, Invincea Inc. recently released its Advanced Endpoint Threat Trends: May 2015, the first installment of a new monthly threat report identifying advanced endpoint threats the company detected and blocked in the wild. The report identified threats able to bypass traditional security controls such as firewalls, antivirus and filters.
According to Invincea, endpoints are prime candidates for intrusion but are often left either unprotected or with minimal standards of protection. Attackers are aware of this and are increasingly targeting vulnerabilities in these devices. However, end user awareness is still in its infancy despite the proliferation of advanced attacks rooted in endpoint security failures.
“Endpoint security has been around for a long time, typically in the form of antivirus, personal firewalls and antimalware solutions,” Patrick Belcher, Invincea’s director of malware analysis, told Homeland Security Today. “But these traditional protections are inadequate to deal with today’s advanced threats that use ever-changing hashes, employ AV and antimalware evasion techniques, and even use zero-day exploits.”
The report stated that malvertising, malware spread through online advertising, remains a preferred method of attack on endpoints because it is easily distributed via Flash ads. The report pointed out that one recent victim of malvertising, in May, was UK eBay, which inadvertently distributed malware this way.
“Just visiting a website with Flash-based malvertising or opening an attachment is all it takes to provide a launch point within a network for adversaries to gain a persistent footing,” Belcher said.
Malvertising attacks were also seen on Japan’s Nikkei Stock Exchange website and other Japanese financial sites. The report noted that, “Given the inherent risk of running ads on a website (due to malvertising, etc.), it was eye-opening that a major international stock exchange would choose to monetize their news and analysis in this way.”
In addition, Invincea detected malware referred to as “Sleeper” Spamrun malware, which remains dormant for six or more hours so that security tools and sandboxes that judge a sample by its early activity see nothing suspicious. Once awoken, the malware begins generating spam.
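The point of a six-hour sleep is that any analysis window shorter than that records a benign program. One way to catch such a sample after the fact is to correlate long-lived host telemetry rather than a single short observation: a process that sat idle for hours after launch and then fans out to many SMTP peers is worth a look. The script below is an added example, not code from the report or from Invincea; the log format, the sample events, the six-hour threshold and the peer count are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry (not from the report), one event per line:
#   <ISO timestamp> <pid> <event> <details>
# pid 4412 launches, idles 6.5 hours, then connects to four SMTP peers.
# pid 2100 is a legitimate mail client talking to one relay.
SAMPLE_EVENTS = """\
2015-05-20T08:00:00 4412 process_start C:\\Users\\alice\\AppData\\Roaming\\upd.exe
2015-05-20T08:00:02 4412 connect 93.184.216.34:443
2015-05-20T08:01:00 2100 process_start C:\\Program Files\\Mail\\mail.exe
2015-05-20T08:01:05 2100 connect 10.0.0.5:25
2015-05-20T14:30:00 4412 connect 198.51.100.7:25
2015-05-20T14:30:01 4412 connect 198.51.100.8:25
2015-05-20T14:30:02 4412 connect 198.51.100.9:25
2015-05-20T14:30:03 4412 connect 203.0.113.4:25
"""

# Assumed thresholds: the report states a 6+ hour sleep; the peer count is
# a hypothetical tuning knob to separate a spam run from a single relay.
DORMANCY = timedelta(hours=6)
SMTP_PORTS = {25, 465, 587}
MIN_SMTP_PEERS = 3


def parse_events(text):
    """Parse the constructed log format into (timestamp, pid, kind, details)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, kind, details = line.split(" ", 3)  # details may contain spaces
        events.append((datetime.fromisoformat(ts), int(pid), kind, details))
    return events


def find_sleepers(events, dormancy=DORMANCY, min_peers=MIN_SMTP_PEERS):
    """Flag processes that idled for at least `dormancy` after launch and
    then began connecting to many distinct SMTP servers."""
    start, image = {}, {}
    smtp_peers = defaultdict(set)
    first_smtp = {}
    for ts, pid, kind, details in sorted(events):
        if kind == "process_start":
            start[pid] = ts
            image[pid] = details
        elif kind == "connect":
            host, port = details.rsplit(":", 1)
            if int(port) in SMTP_PORTS:
                smtp_peers[pid].add(host)
                first_smtp.setdefault(pid, ts)  # keep the earliest SMTP contact

    findings = []
    for pid, peers in smtp_peers.items():
        if pid not in start or len(peers) < min_peers:
            continue  # no launch record, or too few peers to look like a spam run
        idle = first_smtp[pid] - start[pid]
        if idle >= dormancy:
            findings.append({
                "pid": pid,
                "image": image[pid],
                "idle_hours": idle.total_seconds() / 3600,
                "smtp_peers": len(peers),
            })
    return findings


if __name__ == "__main__":
    for hit in find_sleepers(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

The detection only works because the telemetry spans the whole dormancy period; a sandbox that detonates a sample for a few minutes would have to either accelerate the system clock or patch out the sleep to see the same behaviour, and the thresholds above will need tuning against real mail traffic before they are useful as an alert.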
Invincea stated that, based on its analysis, adware and malware will probably begin sharing more interchangeable qualities. For example, adware could gather more specific demographic information and, like malware, persist on PCs.
Toward the end of May, weaponized Word files dropped Nitlove Point of Sale malware, which harvests payment card data from point-of-sale systems as purchases are processed. Deployed at the same time were clickfraud botnets known to target search engines and drive traffic to infectious websites; the Pony info-stealer and banking Trojan, which takes personal, banking and digital currency information; and Zbot, known to commandeer system and personal information.
As malvertising, ransomware and assorted malware aim to establish a stronger presence on endpoint devices, it is increasingly critical to know what to look for, how to detect it, and how to remove it from affected hardware.
“Patching and updating end user applications on an enterprise scale is tough and sometimes apps simply can’t be patched or upgraded, because business applications are hard-coded to work with specific operating systems or browsers or Java versions,” Belcher noted.
“In addition, even fully patched systems are vulnerable to zero-day exploits,” Belcher added. “Enterprises know their endpoints are vulnerable, and have deployed container-based protection to millions of endpoints to guard against these kinds of threats, which regularly defeat other security controls.”