Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
F-Secure Labs released a threat report for the last half of 2014 and found that North America wasn't receiving the brunt of Conficker attacks, as opposed to other parts of the world.
Although Conficker remained the top threat for the second half of 2014, multiple others, including the Angler Exploit Kit, began their ascent to the top spot, according to an F-Secure Labs report.
In its “Threat Report: H2 2014,” the company detailed the last six months of 2014 and determined that the period was marked by the “increasing dominance of vulnerability-leveraging malware,” which Sean Sullivan, security advisor at F-Secure, said meant that there was a higher push for proactive prevention, rather than a direct increase in exploits.
“We have put significant focus on preventing ‘the open door’ because cleaning up payloads is an ever-increasing challenge,” he said in an email to SCMagazine.com. “An ounce of prevention is now worth a lot more than a pound of cure.”
Thirty-seven percent of detected threats were attributed to the Conficker worm during the last half of 2014, while 11 percent were attributed to Kilim, a family of malicious browser extensions, and 10 percent were attributed to Sality, a large family of viruses that infect EXE files.
North America, though, was primarily targeted by the Angler Exploit Kit and attacks exploiting Java vulnerability CVE-2013-2460. Each of these threats accounted for 19 percent of documented attacks in the last half of the past year.
Sullivan believes Angler might be targeting North Americans because they are the exploit kit's primary customer base.
“Many kit service sellers don't want customers that may attract FBI attention,” he said. But this kit clearly isn't as worried about that possibility.
Also during the latter half of 2014, 17 new variants of Mac malware were discovered, including WireLurker, which Sullivan warned should be monitored because it crosses over to iOS devices by abusing enterprise provisioning installation. It is distributed primarily through a third-party app store in China.
With these report findings in hand, IT security professionals need to, more than anything, keep patching, Sullivan said. He also recommended testing “click-to-play” options for Adobe Flash Player, which require users to manually click to play Flash content rather than having it begin automatically.
“Flash Player is currently the low-hanging fruit that is being exploited,” he said. “Click-to-play is something that users should be willing to learn, and it has a silver lining – fewer annoying Flash-based ads.”