VMblog's Expert Interviews: Vadim Kotov of Bromium Talks Malware, Ransomware and Security Threats


Have you checked out the Bromium 2015 Threat Report that was announced yesterday?  If you haven't, I definitely invite you to do so, as it provides a number of very interesting pieces of insight into the latest malware techniques and security trends witnessed over the last year.  Some of the key findings include:

  • Active underground zero-day exploitation ‘for hire’ came under public scrutiny with the Hacking Team data exfiltration
  • Adobe Flash was one of the most exploited user-initiated applications on the endpoint
  • Exploit kits continue to thrive as the most sought after means to deploy malware—now built with more capabilities to bypass traditional network based detection technologies
  • Macro-based malware embedded in Word documents sent through phishing e-mails is on the rise

To dig into the report deeper, I reached out to Vadim Kotov, Senior Security Researcher at Bromium, and asked a few questions.

VMblog:  What was the most surprising finding from the research?  And why?

Vadim Kotov:  While Adobe Flash vulnerabilities and exploits are not new, they did see a huge spike in 2015, specifically, a 200 percent increase. This should be at the forefront of CSOs' and security teams' minds given the prevalence of Flash in the enterprise. The continued rise of malvertising is also of note, as it became so rapid and high-impact, largely due to its attacks on high-profile websites. Drilling down further, this year alone, there were malvertising attacks on more than a quarter of the Alexa 1,000. This class of attacks is fascinating as it represents a perfect symbiotic relationship between two discrete technologies that end up producing such detrimental effects.

Ransomware was also hugely profitable in 2015, and we'll certainly see more of this in 2016, especially from market leaders like Cryptowall and Teslacrypt. Another interesting result of the report was the increase in macro-malware. We're no strangers to social engineering, though I believe the dramatic increase is likely a reaction to increasing product security measures.

VMblog:  What do 2015's threats mean for enterprises in 2016?

Kotov:  2015 was easily one of the biggest years for cybersecurity -- from Hacking Team and surveillance Trojans, to the surge in ransomware and malvertising, enterprises are facing attacks on all fronts. The trends in the threat landscape in 2015 demonstrate that while malicious actors are seeking more numerous and creative ways to penetrate a network, they're also looking back into their toolbox. In 2016, we'll see the effects of enterprises adapting to security and how hackers respond. For example, in 2015, we saw people beginning to block Flash. I think people will eventually use less Flash and more IE, which could result in more attempted attacks on IE and more email spam.

VMblog:  Why is Flash seeing such a dramatic increase in vulnerabilities and exploits?

Kotov:  Flash experienced a dramatic spike in vulnerabilities and exploits for many reasons. First, it is widely used and many users will click to enable Flash without giving it a second thought. This widespread use is one of the reasons that malvertising can be so effective. Secondly, security is cyclical; attackers will always target the weakest link. Most recently, we saw Java vulnerabilities spike, but are now witnessing a nadir. For example, Internet Explorer has improved its attack mitigations, which drive attackers to find more easily exploitable technology; today, this is Flash.

VMblog:  Ransomware saw a major upswing in 2015, why is that? Are there any specific distribution techniques that are particularly tricky?

Kotov:  The number of ransomware families has increased 600 percent since 2013. It's become one of the most common attack trends, and we're witnessing malicious hackers continuously innovate on this attack.

Ransomware first targeted individuals in late 2013 and early 2014, but as hackers realized the opportunity to target the enterprise, it's become a top tactic for them. If you think about this from a hacker's perspective, the personal files of an individual yield little to no profitable information. On the other hand, company data and files held at ransom have a higher likelihood of being valuable, and will more often be more profitable to hackers, with ransoms set at much higher rates that enterprises are forced to pay.

Ransomware is distributed through every possible attack vector, from email spam and macro malware to drive-by downloads and malvertising. In 2015, ransomware also evolved to introduce a "service" model that enables malicious actors to obtain ransomware for free, by paying its creator a "royalty" for each ransom paid.

VMblog:  How should these findings impact security programs?

Kotov:  In this Bromium Threat Report, we revealed how hackers both evolved their attack techniques and deferred back to old tactics to target enterprise networks. The landmark data points are around the spike in software vulnerabilities and exploits, which increased nearly 60 percent. This is an obvious first step for security in terms of priorities to address. With the rise in macro-malware that targets users, there must be more education around security. Malicious hackers will find any inroad they can, and security programs must be capable of adapting to be successful. The most important thing to realize is that malware is hiding in plain sight: it is spammed through email as malicious documents and embedded in advertisements in some of the most popular web sites on the Internet.

VMblog:  What needs to be done to protect the enterprise from today's threat landscape?

Kotov:  The threat landscape will continue to evolve, and this should be taken as a fact. Enterprises should understand three things in approaching security. First, software will always contain bugs, so we must take a more proactive approach to security. The more software in the enterprise, the more bugs exist. Second, IT and developers are fallible. Not to mention, enterprise tech users are vulnerable and gullible.

Given this, it's easy to see that the more software introduced into a network, the greater the attack surface becomes. Any successful security solution must fundamentally change the way security is provided by reducing the attack surface and decreasing software surface areas for attack.


Once again, I'd like to thank Vadim Kotov, Senior Security Researcher at Bromium, for taking time out to speak with VMblog about their latest findings.  And I want to invite everyone to also check out the full report for themselves.

Published Friday, January 15, 2016 6:44 AM by David Marshall