The modern online adversary is out to make money, not simply hack networks for the fun of it. In the Cisco 2015 Midyear Security Report, there’s yet more evidence that criminals are using tools with ever-increasing sophistication to steal valuable personal or financial data and sell it, coerce users into paying ransoms for their own data, and generally reap financial rewards for their exploits.
The Angler exploit kit continues to lead the market in terms of sophistication and effectiveness. As explained in the Cisco 2015 Midyear Security Report, Angler packs a significant punch because it uses Flash, Java, Internet Explorer, and Silverlight vulnerabilities to achieve its objectives. Angler is very effective, in part due to its ability to compromise users by using multiple vectors: Cisco found that 40 percent of users who encounter an Angler exploit kit on the web are compromised, compared to just 20 percent of users who encounter other widely used exploit kits.
Angler successfully fools users and evades detection with several innovative techniques. For example, as we discuss in the report, our researchers believe Angler’s authors use data science to create computer-generated landing pages that look normal enough to pass muster from heuristic scanners. In addition, Angler has recently started using “domain shadowing” to dodge detection—the exploit kit authors compromise a domain name registrant’s account, and then register thousands of subdomains under the legitimate domain of the compromised user. While domain shadowing isn’t new, we’ve monitored growing use of this technique since last 2014: according to our researchers, more than 75 percent of known subdomain activity by exploit kit authors since that time can be attributed to Angler.
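
The domain shadowing pattern described above leaves a recognizable trace in DNS data: a long-lived legitimate domain suddenly gains many new subdomains that resolve outside its usual hosting. The following is an added example, not code from the report or from Cisco; the record format, the threshold, the `find_shadowing` name and the two-label domain rule are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (day, fqdn, resolved IP).
# Documentation-range IPs and example domains; not real indicators.
RECORDS = [
    (1, "example.com", "192.0.2.10"),
    (1, "www.example.com", "192.0.2.10"),
    (2, "mail.example.com", "192.0.2.11"),
    (1, "shop.example.net", "198.51.100.5"),
    (9, "blog.example.net", "198.51.100.5"),   # new name, but known hosting
    (8, "qhx7a.example.com", "203.0.113.77"),
    (8, "m2kd9.example.com", "203.0.113.77"),
    (9, "zp04v.example.com", "203.0.113.78"),
    (9, "www.example.com", "192.0.2.10"),
]

def registered_domain(fqdn):
    # Assumption: last two labels. Production code needs the Public Suffix List.
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def find_shadowing(records, baseline_end, min_new=3):
    """Flag domains whose post-baseline subdomains are both new and hosted
    off the domain's known IPs, the trace domain shadowing leaves in DNS."""
    known_names = defaultdict(set)
    known_ips = defaultdict(set)
    # Pass 1: learn each domain's normal names and hosting from the baseline.
    for day, fqdn, ip in records:
        if day <= baseline_end:
            dom = registered_domain(fqdn)
            known_names[dom].add(fqdn.lower())
            known_ips[dom].add(ip)
    # Pass 2: collect new names on unfamiliar IPs under established domains.
    suspects = defaultdict(set)
    for day, fqdn, ip in records:
        dom = registered_domain(fqdn)
        if day > baseline_end and dom in known_names:  # skip domains with no baseline
            if fqdn.lower() not in known_names[dom] and ip not in known_ips[dom]:
                suspects[dom].add(fqdn.lower())
    return {d: sorted(s) for d, s in suspects.items() if len(s) >= min_new}

if __name__ == "__main__":
    for dom, names in find_shadowing(RECORDS, baseline_end=7).items():
        print(dom, len(names), "new off-baseline subdomains:", names)
```

A legitimate migration to new hosting can also trip this check, so hits are leads for review (for example, confirming with the domain owner or checking registrar account activity) rather than verdicts.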
Sometimes when the essence of something is so eloquently captured, there’s no need to say it any differently. That’s how I felt when I read 





