
Zero-Day Vulnerabilities Rose in 2014: Symantec

Two hundred and ninety-five – that is the combined total of days attackers were actively exploiting the five most targeted zero-days last year before they were patched, according to a new report from Symantec.

In its latest Internet Security Threat Report, Symantec painted a picture of a banner year for zero-day exploits. According to the firm, not only did the number of zero-days increase, the window of exploitability did as well: by comparison, the top five zero-days exploited in 2013 took an average of just four days apiece to be patched.

“Within four hours of the Heartbleed vulnerability becoming public, Symantec saw a surge of attackers stepping up to exploit it,” according to the report. “Reaction time has not increased at an equivalent pace. Advanced attackers continue to favor zero-day vulnerabilities to silently sneak onto victims’ computers, and 2014 had an all-time high of 24 discovered zero-day vulnerabilities. As we observed with Heartbleed, attackers moved in to exploit these vulnerabilities much faster than vendors could create and roll out patches.”

While attackers leveraged zero-days, they also continued to hit networks with targeted spear-phishing attacks. According to Symantec, those attacks increased by eight percent in 2014. Attackers appear to have gotten more precise as well – 20 percent fewer emails were used to successfully reach their targets. They also incorporated more drive-by malware downloads and other web-based exploits.

“In 2014, we saw attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them,” blogged Kevin Haley, director of product management for Symantec Security Response. “Once a victim had downloaded the software update, attackers were given unfettered access to the corporate network. Highly-targeted spear-phishing attacks remained a favorite tactic for infiltrating networks, as the total number of attacks rose eight percent. What makes last year particularly interesting is the precision of these attacks. Spear-phishing attacks used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.”

The year also saw an increase in ransomware attacks, which grew 113 percent. In particular, there were 45 times as many victims of crypto-ransomware attacks as in 2013, according to the report. In a recent survey from ThreatTrack Security, 30 percent of the 250 organizations polled said they would negotiate with a cyber-criminal to get their data back.

“Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, crypto-ransomware holds a victim’s files, photos and other digital media hostage without masking the attacker’s intention,” Haley blogged. “The victim will be offered a key to decrypt their files, but only after paying a ransom that can range from $300-$500 with no guarantee their files will be freed. While these attacks have traditionally only plagued PCs, we’re seeing more ransomware crop up on other devices. Notably, we observed the first piece of crypto-ransomware on Android devices in 2014.”
