If there’s a phrase to sum up the threat environment that our researchers at TrendLabs have outlined for the first quarter of 2015 it’s that everything old is new again.
The three most notable threats for the first quarter aren’t new threats. Bad ads, cryptoransomware and macro malware are all well-known threats from past years. But don’t let their age fool you: these threats have come back stronger and more malicious than ever. The prevalence and success of these threats shows again that innovation isn’t restricted to developing new threats in new arenas: it’s also in taking old threats and improving them to succeed against the security protections that once thwarted them.
Take bad ads or malvertisements for example. This term refers to attacks where third-party ad servers that are used by trusted and legitimate websites have been subverted to serve up malware in addition to ads. This type of attack has been around for years. But in the first quarter of 2015 we saw attackers take up malvertisements once again with a vengeance, this time by targeting zero-day vulnerabilities using the destructive capabilities of tools like the Angler Exploit Kit. While malvertisements and zero-day vulnerabilities aren’t new problems, bringing exploit kits to bear has given these threats a new lease on life.
The same is the case with cryptoransomware. After dropping out of sight and mind in the second half of 2013, ransomware began a comeback in the last quarter of 2014 and continued it into 2015. And within the ongoing resurgence of ransomware, cryptoransomware, the most destructive form of all, rocketed to account for nearly half of all ransomware infections and marked a four-fold increase in infections compared to the first quarter of 2014.
If more proof that oldies can still be goodies from an attacker’s perspective, macro malware has made a surprising and alarming comeback. Nearly 20 years have passed since the Word Concept virus showed how macros can be used to make malware. And yet, attackers are showing that social engineering still trumps security protections by leading potential victims by the hand to assist in their own infection by bypassing security controls that have protected against this class of malware for years.
Of course these aren’t the only threats we saw in the first three months of 2015. For example malicious and high-risk apps continue to be a problem on the Android platform with more than 5 million threats found to date as of March 2015. And nine years after Bill Gates promised we would eliminate spam, it’s still a problem and worse than ever.
So far, 2015 is showing that threats are never fully eradicated. Sometimes they just need some time to evolve in the wild to adapt and thrive in the new threat environment.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.