According to network giant Cisco, 100 percent of enterprises unknowingly host malware. But as a recent Websense Security Labs report revealed, threats like exploit kits and redirect attacks are also on the rise. Here’s what companies need to know.
Crimes of Opportunity
A CSO Online article from April 7 discusses the Websense Security Labs 2014 threat report, which states that cybercriminals’ attack methodologies are becoming more sophisticated.
Charles Renert, vice president of security research at Websense, noted that “while the determined, persistent attackers continue to have success in advanced, strategic attacks using zero-day exploits and advanced malware, there has also been a boom in cyber criminal activity on a massive scale.”
Perhaps the best examples of this burgeoning criminal economy come from exploit kits. Designed to take advantage of vulnerabilities in web browsers, the kits can compromise legitimate websites and send users to fake landing pages hosted by malicious servers. The end result? Malware infections.
The most popular kit used in recent years was called “Blackhole,” created by a hacker known as Paunch. Paunch was arrested in October 2013; without his expertise, Blackhole attacks became less frequent, thanks to an odd facet of the malware market: Just like their counterparts in web security, malware creators must provide a level of customer service to anyone who purchases their exploit kits. Bereft of Paunch’s “customer care,” his kit fell into disuse.
Neutrino uses two Java vulnerabilities to perform a drive-by download attack and infect computers. For example, CVE-2013-0431 allowed Java applets created by Neutrino to bypass the Java 7 update 11 using a malicious serialized file.
Meanwhile, Magnitude (once known as Popads), relies in part on CVE-2013-2463 and the Click2Play bypass.
The market for both kits remains strong: After Paunch’s arrest, the cost to rent a Neutrino-enabled personal server in Eastern Europe jumped to over $10,000 a month. More recently, Neutrino’s creator indicated he was willing to sell his code for $34,000.
Crimes of Direction
Redirection was another major threat over the last year, according to Websense. On average, compromised websites sent users through four redirects before landing on a malicious page, but the security company found that some exploits used up to 20 redirects to confuse browsers and obfuscate their trails.
A recent IT Business.ca article points out that redirects may become even more popular with the release of new generic top-level domains (gTLDs). It works like this: Many IT professionals choose to assign names — “conference.room1.network” for example — to networked computers rather than IP addresses.
Before the release of new gTLDs, accidental requests for this address outside a local network went nowhere. But now it’s possible for attackers to register *.network addresses and redirect traffic to malicious websites. According to OpenDNS, thousands of “misfired” queries have already been sent by home routers.
Bottom line? The Websense report puts it best: “85 percent of malicious links used in web or email attacks were located on compromised legitimate websites.”
For enterprises, protection against this kind of misuse starts with a reputable web host — one that offers next-gen security plug-ins in addition to basic threat detection. Companies are also well served by investments in real-time, behaviorally based threat-detection programs.
Security company Kaspersky recently released a real-time threat map that shows the number and type of infections occurring worldwide; businesses must be ready to respond in kind.
Exploit kits and redirect attacks are more popular than ever — companies need to know how to spot these threats and, more importantly, be prepared to take action.
[image: PashaIgnatov/iStock/ThinkStockPhotos ]