Cisco said that hackers are becoming more sophisticated in their attacks, that security teams as a whole aren’t quite keeping up with them, and that hackers are earning more than ever from their attacks.
“At a high level, we’re seeing big changes in attack behavior. Our adversaries are becoming more agile and are adapting faster to the security industry than ever before. We’re seeing this with exploit kits, ransomware and others. The reason for this, we think, is that it’s so much easier to monetize malware these days,” Cisco security outreach manager Craig Williams told eWEEK.
Crypto-currencies, like Bitcoin, are creating an environment where it is significantly easier for intrusive hackers to monetize their attacks, especially around the use of ransomware, Cisco said. They also attack what are called faucets, sites where users can get free bitcoins and learn how to get them.
“At a minimum, ransomware is now a couple hundred dollars (to pay the ransom and get the data back). Instead of a couple hundred dollars per 1,000 users, it’s a couple hundred per user,” Williams told eWEEK.
At the center of the issue is the wealth of security tools users have that operate poorly with each other and leave holes that can be exploited. And exploiting these holes is getting easier as exploit kits and ransomware become easier to acquire.
Cisco gave direct attention to exploit kits, easy-to-pick-up software packages that enable more users to engage in attacks. One particular kit, called Angler, received special attention from the group.
“Angler’s use of Flash, Java, Microsoft Internet Explorer, and even Silverlight vulnerabilities makes this exploit kit the ‘1 to watch,’ say Cisco researchers,” Cisco said in the report.
Ransomware, which involves files being encrypted and held until a fee is paid to release the data, is also seeing increased use, Cisco said.
Hackers are still hiding behind Tor and other anonymous browsing tools as well, making it easier for them to communicate under the radar, Cisco said.
On the other end, attacks through Java-related exploits are on the decline, Cisco said, but Flash vulnerabilities are still at the heart of many attacks.