[1Q 2015 Security Roundup] Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices
Best practices are failing. No matter how good you are at sticking to them, they can no longer guarantee your safety against the simplest threats we saw last quarter. Malicious advertisements are in the sites you frequent, data-leaking apps come preinstalled in your gadgets, and data-encrypting malware run silently in your office networks. Even the macro threats that were supposedly long gone are now back in the wild. Today’s threats leave zero room for error.
For instance, we saw a surge in malvertisements—pesky online ads users normally consider more annoying than dangerous. But at the start of the year, we found that bad guys have found various ways to abuse these advertising platforms to deploy malware. These malicious advertisements, displayed on legitimate websites, exposed users to zero-day exploits. Regardless if these users followed good security practices like visiting only trusted sites and patching their software, since the malvertisements were displayed in reliable sites and used zero-days, they would’ve still been infected.
Figure 1. Malvertisements redirected victims to sites that automatically infected their computers with various kinds of malware such as BEDEP and ROZENA.
In the same vein, critical security issues were found in Superfish, an ad-related browser add-on pre-installed in consumer-grade Lenovo laptops. Considering that this add-on was pre-installed—making it invasive by default—Superfish also had the capability to alter search results based on users’ browsing histories. What made Superfish more alarming, however, was that it was not securely designed. This created opportunities for bad guys to launch man-in-the-middle attacks.
The uptick in macro malware last quarter, on the other hand, proved that we can’t let old threats slip out of our minds just yet. The number of macro malware in Microsoft® Word files more than doubled since the last quarter of 2014. This showed a clear trend in cybercriminals’ weapons of choice.
Figure 2. The number of macro malware infections has been constantly increasing since the first quarter of 2014. This could be attributed to the release of new variants and the rise in number of spam carrying malicious-macro-laden attachments.
Targeted Attacks and Breaches Ramp Up Tools and Targets
Operation Pawn Storm, an ongoing economic and political cyber-espionage operation exploited vulnerable iOS™ devices to infiltrate target networks. The use of mobile malware isn’t new, but Pawn Storm was the first to target iOS devices.
Both the retail and healthcare industry were hit hard with data breaches last quarter. PoS malware attacks remained prominent threats to retailers, while health care service providers such as Premera Blue Cross and Anthem, experienced data breaches that exposed nearly a hundred million customer and employee records combined.
Is Security Fated to Rely on Luck?
When thinking about security, there are always loopholes to consider, especially if the threats aren’t within your control. Threat communications manager Christopher Budd reiterates this in the case of malvertisements: “More than any other threat, malvertisements can hurt people even when they’re doing all the right things. Malvertisements can affect people who don’t click links, have fully updated security solutions, and only go to trusted sites. In short, there’s no amount of caution that can protect you from malvertisements, just luck.”
The best defense, in light of all this, is to equip yourself with the right threat intelligence and keep adjusting the way you implement security. Traditional best practices may no longer work, but if they continue to evolve with today’s threats, you may still have a fighting chance.
Read our 1Q 2015 Security Roundup here.