
Shadow Brokers Archive Fuels Cybersecurity Attack Trends


Cybersecurity now has a game changer and it’s not a good one: Exploit leaks in the wild led to more than five million cybersecurity attacks in Q2 2017.

What poured more gas on the fire than anything else? Shadow Brokers’ publication of the “Lost In Translation” archive, which contained a large number of exploits for different versions of Windows, was the kicker, according to Kaspersky’s Q2 Malware Report.

Most of those vulnerabilities weren’t zero-day catastrophes, and Microsoft had pre-empted the leaks with a security update a month earlier. Nevertheless, Kaspersky said, the damage from malware using exploits from the archive, as well as the number of infected users, is “beyond counting.”

Let’s be clear: Exploits in the wild are a blight on the cybersecurity landscape. An exploit uses bugs in software to infect devices with additional malicious code such as banking Trojans, ransomware or cyber espionage malware, according to Kaspersky. They’re effective because they can deliver a payload without user interaction or suspicion.

Shadow Brokers: Lost in Translation Archive

It’s no wonder they’re fast becoming the go-to option for cybercrooks, both to steal money and to mount sophisticated targeted attacks hunting for sensitive information.

With the “Lost in Translation” archive, the ExPetr and WannaCry outbreaks are the most noted, but the CVE-2017-0199 vulnerability in Microsoft Office, discovered in early April, is not to be glossed over. Indeed, despite the fact that it was patched in the same month, the number of attacked users peaked at 1.5 million, according to Kaspersky. Overall, 71 percent of attacks on these users exploited the CVE-2017-0199 vulnerability.

The average number of attacks per day grew throughout Q2, with 82 percent of all attacks detected in the last 30 days of the period, the security company said.

“The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber dangers,” said Alexander Liskin, security expert at Kaspersky Lab. “While vendors patch vulnerabilities on a regular basis, many users don’t pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cybercriminal community,” he said.

Q2 2017 Cybersecurity Report

Here’s how Kaspersky saw the Q2 security landscape (with some Q1 comparisons):

  • Some 342.6 million malicious attacks from online resources located in 191 countries were detected and repelled in Q2. This is fewer than in Q1, when 479.5 million malicious attacks from online resources located in 190 countries were found.
  • 33 million unique URLs were recognized as malicious by web antivirus components.
  • Attempts to steal money through online access to bank accounts were discovered on 224,675 user computers, down slightly from the 288,000 in Q1.
  • Crypto ransomware attacks were blocked on 246,675 unique computers, up slightly from the 240,799 found in Q1.
  • About 185.8 million unique malicious and potentially unwanted objects were found in Q2, up significantly from 175 million discovered in Q1.
  • On average, 17 percent of Internet-connected computers worldwide were attacked at least once using malware-class malicious objects.

Some mobile data:

  • 1.3 million malicious installation packages.
  • 29,000 mobile banker Trojan installation packages.
  • 200,000 mobile ransomware Trojan installation packages.

This is Kaspersky’s advice for how to lower the risk of infection:

  • Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
  • Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
  • Use robust security solutions and make sure they keep all software up to date.
  • Regularly run a system scan to check for possible infections.

You can read the full version of Kaspersky Lab’s Malware Report on Securelist.

D. Howard Kass
