Ransomware exploit kits pose huge risk for unpatched organisations
Ransomware exploit kits are making it easier for attackers to target enterprises, because they're so simple to enact and can target the neverending supply of network vulnerabilities, a new blog from Trend Micro says.
18% of known ransomware families being enacted through exploit kits, including 2013's CryptoLocker, Angler, Magnitude, Neutrino and Rig. With the stakes high, ransomware has already claimed US$209 million in demands, as well as data loss, organisational reputation and legal fines. Trend Micro says that exploit kits require less user action and target vulnerabilities in popular software. These vulnerabilities can number in the hundreds. Trend Micro and the Zero Day Initiative have already discovered 473 vulnerabilities this year alone.
Trend Micro also says that vulnerabilities will always be present, particularly in organisations that use legacy systems or software. Zero-day vulnerabilities, which are able to escape detection, provide another hurdle for IT and security administrators.
The company believes that network protection is crucial, even if there are not yet security patches for zero-day exploits that have been embedded into kits.
Patch testing and keeping mission-critical systems online makes it more difficult for organisations to keep on top of threats perpetrated by exploit kits, the company says. Patching can take 30 days or more, but is necessary for proper threat protection, Trend Micro states that Intrusion Protection Systems (IPS) are also critical for organisational protection, as they block zero-day and other vulnerabilities - even for unpatched ones.
Trend Micro recommends that in addition to IPS, organisations leverage a 'connected' threat defence strategy. The defence protection should include threat intelligence, security updates, anti-malware protection, anti-spam, firewall protection and mobile protection.