SOFTWARE DEVELOPERS TIGHTEN SECURITY BUT RANSOMWARE GOLD RUSH CONTINUES
Security experts have warned of a ransomware “gold rush”, with cyber criminals flocking to make money from the schemes.
Bromium’s latest threat report has shown an “explosion” of the malware, which encrypts users’ files and demands payment to restore access.
It said dozens of new families have been released this year, with Locky leading the way with 755 tracked instances of infecting removable drives and RAM disks.
Cyber security experts recently warned that the criminals behind ransomware campaigns are making millions, and the Internet of Things is their next target.
Overall, the report found vulnerabilities are on the rise, with 516 reported to the US government’s National Vulnerability Database in the first six months of the year, compared to the 403 vulnerabilities reported in the whole of 2015.
Despite this, major software seems to be becoming more secure. There were no exploitable vulnerabilities found in Adobe’s PDF applications, Google Chrome, Firefox or Java.
Meanwhile, two were found in Internet Explorer and Microsoft Office, and one was found in Silverlight. The researchers said this shows vendors are paying more attention to security.
However, the “notable exception” to this rule was once again Adobe Flash, which had 31 exploits in the first half of 2016 – up from eight flaws in the whole of 2015.
“As an industry, we’ve always said there’s no one silver bullet to address the complexities of attacks that are affecting our business,” said Rahul Kashyap, EVP and chief security architect at Bromium. “However, our latest research shows that enterprises and vendors alike are stepping up to do a better at securing their networks and data.
“But there’s still work to be done. Old attack tactics like phishing and watering holes persist, and new attack techniques are always emerging. Automated attacks are consistently bypassing anti-virus (AV) solutions, and malware is morphing every new instance in a network to bypass and therefore render AV useless.
“Over the course of the next year, I expect attackers will continue to leverage social engineering tactics to exploit users. What’s abundantly clear from our report is that the need to implement instant protection, detection and remediation is more critical than ever.”