SERT Q4 2013 Threat Intelligence Report on threat landscape evolution

Security firm Solutionary has published the SERT Q4 2013 Threat Intelligence Report, an overview of the overall threat landscape.

Security firm Solutionary recently published the SERT Q4 2013 Threat Intelligence Report to provide an overview of the overall threat landscape. The document is the result of research conducted over the last three months, correlating events across devices for Solutionary clients globally.

In Q4, Solutionary's SERT focused its analysis on the most active malware distribution channels: its research team collected a large number of samples from more than 12,000 registrars and 22,000 ISPs and evaluated the detection level of 40 antivirus engines.

The malware binaries show many analogies. The bad news is that none of them was detected by over 40 anti-virus engines; cyber criminals use them to drop further malicious payloads on the victims, and more than half of the malware found was being distributed through HTML web pages.

The principal highlights are:

  • Nearly all the binaries were 94% or better in similarity based on fuzzy hashing, a process that compares files to each other instead of to a known signature.
  • All binaries were self-extracting archive files.
  • None of the binaries were detected as malicious by the over 40 anti-virus engines tested.
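To show how the fuzzy hashing mentioned above surfaces near-identical binaries that exact hashes and signatures miss, here is an added illustration (not code from the report or from Solutionary) of a simplified context-triggered piecewise hash in the style of ssdeep; the sample files, the toy rolling hash and the block size are constructed assumptions, and a real tool adapts the block size to file length.

```python
import hashlib
from difflib import SequenceMatcher

# One output character per chunk, as in ssdeep's base64-style signatures.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7       # bytes covered by the rolling hash
BLOCK_SIZE = 64  # a chunk ends when rolling_hash % BLOCK_SIZE == BLOCK_SIZE - 1


def chunk_char(chunk: bytes) -> str:
    """Condense one chunk to a single signature character."""
    return ALPHABET[hashlib.sha256(chunk).digest()[0] % 64]


def fuzzy_hash(data: bytes, block_size: int = BLOCK_SIZE) -> str:
    """Context-triggered piecewise hash: chunk boundaries are chosen by the
    content itself, so an edit in one place only disturbs nearby chunks."""
    sig, start = [], 0
    for i in range(len(data)):
        # Toy rolling hash (sum of the window); ssdeep uses a stronger one.
        rolling = sum(data[max(0, i - WINDOW + 1):i + 1])
        if rolling % block_size == block_size - 1:
            sig.append(chunk_char(data[start:i + 1]))
            start = i + 1
    if start < len(data):  # hash whatever is left after the last trigger
        sig.append(chunk_char(data[start:]))
    return "".join(sig)


def similarity(sig_a: str, sig_b: str) -> int:
    """0-100 score from an edit-distance style comparison of two signatures."""
    return round(SequenceMatcher(None, sig_a, sig_b).ratio() * 100)


def compare(a: bytes, b: bytes) -> int:
    return similarity(fuzzy_hash(a), fuzzy_hash(b))


# Constructed sample "binaries" (not real malware): a base file, a variant
# with four bytes patched in the middle, and the base with a trailer appended.
BASE = bytes(range(256)) * 8
PATCHED = BASE[:1000] + b"\xff" * 4 + BASE[1004:]
APPENDED = BASE + bytes(100)

if __name__ == "__main__":
    # Exact hashes differ for every variant; the fuzzy score still shows kinship.
    print("sha256 equal:", hashlib.sha256(BASE).digest() == hashlib.sha256(PATCHED).digest())
    print("base vs patched :", compare(BASE, PATCHED))
    print("base vs appended:", compare(BASE, APPENDED))
    print("base vs zeros   :", compare(BASE, bytes(2048)))
```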

Cloud computing is one of the paradigms most appreciated by marketers and the IT industry: everything has to converge in the cloud, and cyber criminals have noticed. Criminal gangs increasingly use hosting providers like Amazon and GoDaddy to conduct illicit activities.

The result is disturbing: 44% of all cloud-based malware distribution is located in the US, and the giants Amazon and GoDaddy were the most popular hosts for malware.

“Now we have to maintain our focus not only on the most dangerous parts of the web but also on the parts we expect to be more trustworthy,” said Rob Kraus, director of research in Solutionary’s Security Engineering Research Team.

Cloud services are mainly abused for malware distribution because cloud infrastructures are easily manageable, scalable and cost-effective.

Malware authors are using the big trusted cloud hosting platforms to rapidly serve malware, avoiding detection and geographic blacklisting through repeated changes of IP addresses and domain names.

According to the SERT Q4 2013 Threat Intelligence Report, malware authors are distributing malicious code from cloud services run by Amazon, GoDaddy and Google; the technique is effective and has caused millions of infections all over the world. Amazon and GoDaddy top the chart with a 16 percent and a 14 percent share respectively.

Cloud-based hosting services let malware distributors evade detection by repeatedly changing IP addresses and domain names.

The SERT Q4 2013 Threat Intelligence Report also revealed that the majority of the top malware sites are domains commonly associated with Potentially Unwanted Applications (PUA).

In summary, the key figures of the SERT Q4 2013 Threat Intelligence Report are:

  • United States hosts 4.6 times more malware than the next leading country.
  • Malware samples gathered in Q4 were not detected by the over 40 anti-virus engines tested.
  • 58% of malicious files obtained were identified as HTML files, 26% were directly executable.
  • Many malware developers and distributors are utilizing social engineering tactics, including the use of trusted keywords and services, to evade detection and increase potential infection counts.
  • A single malicious domain was spread across 20 countries, 67 providers and 199 unique IPs to evade detection.
  • OVH and Amazon web hosting services were used to distribute high volumes of DomaIQ adware.
  • Cloud hosters and service providers need to do more to prevent malicious use of their services.

The SERT Q4 2013 Threat Intelligence Report closes with a series of simple and useful recommendations for Internet Service Providers (ISPs). The document also includes a specific section on server vulnerabilities: a growing number of cyber attacks target cloud hosting servers, so it is crucial to have a clear idea of the principal cyber threats and how to mitigate the risk of exposure.

Pierluigi Paganini

(Security Affairs – SERT Q4 2013, Security)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of the "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
