Are Exploit Kits Doomed? New F-Secure Threat Report Says Yes
The 2015 Threat Report predicts the end of Flash exploits and discusses the re-emergence of macro malware, among other global trends and events from 2015.
Helsinki, Finland – March 10, 2016: Exploit kits face a disruptive future, according to F-Secure's new Threat Report for 2015. The report, released today, details the trends and events in global cyber threats that hit consumers and companies last year.
Prominent on last year's malware scene were the Angler and Nuclear exploit kits, both of which, like the other top exploit kits, mostly took advantage of vulnerabilities in Flash to do their dirty work. But Sean Sullivan, Security Advisor in F-Secure Labs, predicts in the report that Google Chrome will kill Flash support in early 2017, and Mozilla Firefox and Microsoft Edge will follow. Sullivan predicts that by spring of 2017, Flash will no longer bear fruit for exploit kit makers.
Exploits, which have become one of the most common vehicles for malware in the past decade, need out-of-date software in order to accomplish their goal of getting through security holes. But that software, Sullivan says, will be harder and harder to find. For example, with HTML 5's capability to "do it all", the need for third party browser plugins has mostly been eliminated. And today's browsers themselves are auto-updated, without the need for the user to intervene, so users always have the latest version.
Other programs don't offer much fruit. Microsoft's software is much more secure than it used to be, and patches roll out very quickly. Adobe's other software is more and more cloud based, rather than being local on people's machines. And browser developers have forced Java into a restricted place. So what will happen to exploit kits if there's no new fruit?
"Hopefully, they die," Sullivan says. "Wouldn't be the first time that a business model collapsed in the malware scene. Or they may focus on browsers, but then they'll need to find zero day vulnerabilities."
Macro malware re-appears
As exploit kits face an eventual decline, the report predicts that commoditized malware services will only accelerate their use of email attachment-based malware schemes. One such scheme is macro malware, which re-emerged in 2015 after lying low since the early 2000s.
Malware authors use the macro feature in Office to implant malicious code to documents they email as attachments. With Office 2003, Microsoft changed default settings to no longer run macros automatically, making attacks much more difficult. Today's macro malware attempts to get around Microsoft's default settings by displaying text in the open document that claims it is a "protected" document that requires the user to enable macros.
Other Notable Highlights from F-Secure's 2015 Threat Report:
· Police-themed ransomware decreased, but crypto-ransomware saw an increase in activity
· Worms accounted for a greater portion of malware (18%) than the previous year (10%)
· A look at the Dukes cyber espionage group through their years of employing malware to gather intelligence for the Russian Federation
· The most notable threats facing different countries and regions
· The top threats to Windows, Mac and Android operating systems
· Today's threats as viewed through the Chain of Compromise, a user-centered model that illustrates how cyber attacks compromise devices and networks
· The top vulnerabilities used by the top exploit kits in 2015
The full report can be downloaded from F-Secure's website.
F-Secure – Switch on freedom
F-Secure has been defending tens of millions of people around the globe from digital threats for over 25 years. Our award-winning products protect people and companies against everything from crimeware to corporate cyberattacks, and are available from over 6000 resellers and 200 operators in more than 40 countries. We're on a mission to help people connect safely with the world around them, so join the movement and switch on freedom!
Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.
F-Secure media relations
+358 40 752 0688