SERT Q4 2013 Threat Intelligence Report on threat landscape evolution

Security firm Solutionary has published its SERT Q4 2013 Threat Intelligence Report, an overview of the current threat landscape.

The document is the result of three months of research by Solutionary's Security Engineering Research Team (SERT), correlating events across devices deployed for Solutionary clients worldwide.

In Q4, SERT focused its analysis on the most active malware distribution channels. Its research team collected a large number of samples from more than 12,000 registrars and 22,000 ISPs and evaluated the detection rate of more than 40 antivirus engines against them.

The binaries show strong similarities to one another. The bad news is that none of them was detected by the more than 40 anti-virus engines tested; cyber criminals use them to drop further malicious payloads on victims, and more than half of the malware found was being distributed as HTML web pages rather than as executables.

The principal highlights:

  • Nearly all the binaries were 94% or better in similarity based on fuzzy hashing, a process that compares files to each other instead of against a known signature.
  • All binaries were self-extracting archive files.
  • None of the binaries were detected as malicious by the over 40 anti-virus engines tested.
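The fuzzy-hashing highlight is worth making concrete: a signature built on a whole-file hash is defeated by changing a single byte, while a content-defined chunk comparison still scores a lightly modified variant as a near-duplicate. The example below is added here and is not code from the report or from Solutionary; it implements a simplified context-triggered piecewise hash (CRC-32 over a sliding window to pick chunk boundaries, SHA-256 of each chunk, Jaccard overlap of the chunk sets as a 0-100 score) rather than the ssdeep algorithm the report most likely used, and the three "binaries" are constructed pseudo-random byte strings, not real samples.

```python
import hashlib
import random
import zlib

WINDOW = 7   # bytes fed to the rolling hash at each position
BLOCK = 32   # expected average chunk length: boundary when crc % BLOCK == BLOCK - 1


def chunk_hashes(data: bytes) -> set:
    """Split `data` at content-defined boundaries and hash each chunk.

    A boundary is declared whenever the CRC-32 of the last WINDOW bytes hits a
    fixed residue, so boundaries depend only on local content: editing a few
    bytes moves the boundaries near the edit and leaves every other chunk intact.
    """
    chunks = set()
    start = 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1):i + 1]
        if zlib.crc32(window) % BLOCK == BLOCK - 1:
            chunks.add(hashlib.sha256(data[start:i + 1]).hexdigest()[:12])
            start = i + 1
    if start < len(data):
        chunks.add(hashlib.sha256(data[start:]).hexdigest()[:12])
    return chunks


def fuzzy_similarity(a: bytes, b: bytes) -> int:
    """Jaccard overlap of the two files' chunk-hash sets, scaled to 0-100."""
    ha, hb = chunk_hashes(a), chunk_hashes(b)
    if not ha and not hb:
        return 100
    return round(100 * len(ha & hb) / len(ha | hb))


def exact_match(a: bytes, b: bytes) -> bool:
    """What a plain hash-based signature checks: byte-for-byte identity."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def make_samples():
    """Constructed stand-ins for malware binaries (assumption: not real samples).

    `original` is 4 KiB of seeded pseudo-random bytes, `patched` is the same
    file with one 48-byte region rewritten (the kind of per-campaign tweak that
    defeats exact-hash signatures) and `unrelated` is a different random file.
    """
    rng = random.Random(2013)
    original = bytes(rng.getrandbits(8) for _ in range(4096))
    patched = original[:2000] + bytes(x ^ 0xFF for x in original[2000:2048]) + original[2048:]
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))
    return original, patched, unrelated


if __name__ == "__main__":
    original, patched, unrelated = make_samples()
    print("exact match  original/patched  :", exact_match(original, patched))
    print("fuzzy score  original/patched  :", fuzzy_similarity(original, patched))
    print("fuzzy score  original/unrelated:", fuzzy_similarity(original, unrelated))
```

The exact-hash comparison of `original` and `patched` is false while the fuzzy score stays well above the 94% band the report describes; the unrelated file scores near zero. Scores from this toy are not comparable to ssdeep's output, but the clustering effect is the same: a family of repacked droppers sits in one high-similarity cluster even when each sample has a unique SHA-256.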

Cloud computing is one of the paradigms most appreciated by marketers and the IT industry: everything has to converge on the cloud, and cyber criminals have noticed. Criminal gangs increasingly use hosting providers such as Amazon and GoDaddy to conduct illicit activities.

The result is disturbing: 44% of all cloud-based malware distribution is hosted in the US, and the giants Amazon and GoDaddy were the most popular providers for hosting malware.

Figure: malware-hosting countries (SERT Q4 2013 Threat Intelligence Report)

“Now we have to maintain our focus not only on the most dangerous parts of the web but also on the parts we expect to be more trustworthy,” said Rob Kraus, director of research in Solutionary’s Security Engineering Research Team.

Cloud services are attractive for malware distribution because cloud infrastructure is easy to manage, scalable and cost-effective.

Malware authors use the large, trusted cloud hosting platforms to serve malware rapidly, evading detection and geographic blacklisting by repeatedly changing IP addresses and domain names.

According to the report, malware authors are distributing malicious code from cloud services run by Amazon, GoDaddy and Google; the technique is effective and has caused millions of infections worldwide. Amazon and GoDaddy top the chart with 16 percent and 14 percent shares respectively.

Figure: malware-hosting providers (SERT Q4 2013 Threat Intelligence Report)

Cloud-based hosting makes this evasion cheap: once an IP address or domain name is blacklisted, the distributor simply moves the content to a fresh one, so a blocklist keyed on yesterday's address is already stale.

The report also found that most of the top malware-hosting sites were domains commonly associated with Potentially Unwanted Applications (PUA).

In summary, the key figures from the SERT Q4 2013 Threat Intelligence Report are:

  • The United States hosts 4.6 times more malware than the next leading country.
  • Malware samples gathered in Q4 were not detected by any of the more than 40 anti-virus engines tested.
  • 58% of the malicious files obtained were identified as HTML files; 26% were directly executable.
  • Many malware developers and distributors use social engineering tactics, including trusted keywords and services, to evade detection and increase infection counts.
  • A single malicious domain was spread across 20 countries, 67 providers and 199 unique IPs to evade detection.
  • OVH and Amazon web hosting services were used to distribute high volumes of DomaIQ adware.
  • Cloud hosters and service providers need to do more to prevent malicious use of their services.
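The IP- and domain-rotation behaviour described above (one malicious domain served from 199 IPs across 67 providers) is detectable on the defender's side from passive DNS or proxy logs, because a legitimate site rarely answers from that many unrelated networks in a short period. The example below is added here and is not code from the report or from Solutionary: it parses constructed passive-DNS style records (the timestamps, domain names and documentation-range addresses are made up for the example), profiles each domain by unique answer IPs, unique /16 networks and time span, and flags domains that exceed both thresholds. The /16 network is used as an offline stand-in for "hosting provider"; a real deployment would map each IP to its ASN instead.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed passive-DNS style records: "<ISO timestamp> <domain> <answer IP>".
# dl-update.example mimics the rotation pattern from the report (one name, many
# addresses across several networks within a day); www.example is an ordinary
# site with a small, stable address set. One deliberately malformed line is
# included to show that the parser skips it instead of crashing.
SAMPLE_RECORDS = """\
2013-12-01T08:00:00 dl-update.example 203.0.113.10
2013-12-01T09:30:00 dl-update.example 198.51.100.7
2013-12-01T11:05:00 dl-update.example 192.0.2.44
2013-12-01T13:20:00 dl-update.example 203.0.113.77
2013-12-01T15:45:00 dl-update.example 198.51.100.150
2013-12-01T18:10:00 dl-update.example 192.0.2.201
2013-12-01T20:00:00 dl-update.example 203.0.113.250
2013-12-01T08:00:00 www.example 198.51.100.20
2013-12-01T14:00:00 www.example 198.51.100.21
this line is malformed and must be skipped
"""


def parse_records(text):
    """Yield (timestamp, domain, ip) tuples, silently skipping unparsable lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield ts, parts[1].lower().rstrip("."), ip


def rotation_profile(records):
    """Per domain: unique IPs, unique /16 networks (provider stand-in), span in hours."""
    ips = defaultdict(set)
    nets = defaultdict(set)
    first, last = {}, {}
    for ts, domain, ip in records:
        ips[domain].add(ip)
        # Assumption: a /16 approximates "different provider"; use ASN data if available.
        nets[domain].add(ipaddress.ip_network(f"{ip}/16", strict=False))
        first[domain] = min(first.get(domain, ts), ts)
        last[domain] = max(last.get(domain, ts), ts)
    return {
        d: {
            "ips": len(ips[d]),
            "networks": len(nets[d]),
            "hours": (last[d] - first[d]).total_seconds() / 3600,
        }
        for d in ips
    }


def flag_rotating_domains(text, min_ips=5, min_networks=3):
    """Domains whose answer set is both large and spread over several networks."""
    profile = rotation_profile(parse_records(text))
    return sorted(
        d for d, p in profile.items()
        if p["ips"] >= min_ips and p["networks"] >= min_networks
    )


if __name__ == "__main__":
    for domain, p in rotation_profile(parse_records(SAMPLE_RECORDS)).items():
        print(f"{domain:20} ips={p['ips']:3} networks={p['networks']:2} span={p['hours']:.1f}h")
    print("flagged:", flag_rotating_domains(SAMPLE_RECORDS))
```

The thresholds (5 IPs, 3 networks) are illustrative assumptions; tune them against your own baseline, since large CDN-fronted sites also answer from many addresses, though usually from a small number of networks belonging to one provider. The time span is reported so that a domain cycling through addresses within hours can be separated from one that merely migrated once.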

The report closes with a series of simple, useful recommendations for Internet Service Providers (ISPs). The document also includes a specific section on server vulnerabilities: a growing number of cyber attacks target cloud hosting servers, so it is crucial to have a clear idea of the principal threats and of how to mitigate the risk of exposure.

Pierluigi Paganini

(Security Affairs – SERT Q4 2013, Security)