
2015 Third Quarter Security Threat Roundup

  • Posted on:November 17, 2015
  • Posted in:Security
  • Posted by:Christopher Budd (Global Threat Communications)

The third quarter of 2015 (July – September) saw significant threat activity in three areas: Point of Sale (PoS) malware, vulnerabilities, and the sophisticated Pawn Storm campaign. Our third quarter security roundup, Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks, covers all of these.

PoS malware attacks increased in the quarter, but attackers shifted their focus to small and medium-sized businesses (SMBs). Overall attacks nearly doubled compared with the second quarter (April – June) of 2015. SMBs accounted for 45 percent of PoS malware detections worldwide, consumers came second at 27 percent, and enterprises accounted for just 19 percent. This reflects a common pattern in financially motivated attacks: SMBs are the “sweet spot” for attackers, with more money to steal than consumers but generally without the resources for the more advanced security countermeasures that enterprises can afford. In the United States, the run-up to the October 1, 2015 EMV liability shift likely also played a role, since larger organizations had the resources to pay for the upgrades needed to support EMV.

The third quarter was also an important one for vulnerabilities. Multiple zero-day situations arose, driven mainly by the July breach of the Hacking Team and the public dump of nearly 400GB of its stolen data. That trove contained details of several vulnerabilities the Hacking Team had discovered and was likely using in its tools. Once the data was public, vulnerability researchers, including those at Trend Micro, set to work identifying those vulnerabilities so that vendors could patch them quickly. In total, five previously unpatched vulnerabilities were found in the Hacking Team trove, three of them by Trend Micro researchers. They mainly affected Adobe Flash, but also Microsoft Windows. Unfortunately, attackers were combing through the same trove, and some of the vulnerabilities were incorporated into exploit kits quickly: most notably, the Angler Exploit Kit added one of the Adobe Flash vulnerabilities within days of the data dump.

Vulnerabilities affecting Android were also notable this quarter, as researchers, including Trend Micro’s vulnerability researchers, turned their attention to media processing in Android and found numerous serious flaws. The best known of these is the “Stagefright” vulnerability, which affected 95 percent of all Android devices. In total, five different vulnerabilities in Android media processing were found in the third quarter, and more continue to be found. Our researchers found three new vulnerabilities in Android media processing that were fixed in the most recent Android security update.

The Pawn Storm attackers remained active in the third quarter as well and added to the quarter’s zero-day count. Trend Micro vulnerability researchers working with our Forward-Looking Threat Research Team (FTR) uncovered the first Java zero-day attack in nearly two years, in use by the Pawn Storm attackers. We worked with Oracle to get it fixed quickly, but the find underscores that Flash and Java together remain prime targets for attackers. The Pawn Storm attackers also let us, and the world, know that they know we’re following them: during the third quarter they redirected some of their Command and Control (C&C) traffic to an IP address on our network to send a message.

The heightened activity around vulnerabilities helped fuel a rise in exploit kit activity. In particular, the Angler Exploit Kit proved to be the most aggressive kit this quarter: it incorporated more attacks against new vulnerabilities than any other exploit kit (13 so far in 2015) and was the fastest to do so, as seen with the Hacking Team vulnerabilities. It also grew significantly during the quarter, with attacks up 34% compared with the second quarter of 2015, and was hosted on 2.4 million URLs.

This is just a taste of the trends we outline in this quarter’s threat report. The full report contains more details on these and other attack trends for the quarter.

If there is a lesson from this quarter’s report, it is that vulnerabilities are once again a major focus for attackers. Whether the target is Microsoft Windows users via Oracle Java and Adobe Flash or mobile users on the Android platform, attackers are exploiting vulnerabilities in both broad attacks (via exploit kits) and targeted attacks (as in Pawn Storm). Looking ahead, good defensive planning should include countermeasures such as: Trend Micro™ Deep Security and Trend Micro™ OfficeScan (with Vulnerability Protection), which protect against traditional attacks on PC-platform vulnerabilities; Trend Micro™ Security, Trend Micro™ Smart Protection Suites, and Worry-Free Business Security, whose Browser Exploit Prevention feature protects against web-based attacks; Trend Micro Mobile Security, which helps protect against attacks on the Android platform; and Trend Micro™ Deep Discovery, whose existing Sandbox with Script Analyzer engine can help prevent many of these attacks out of the box.

Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.
