
Ransomware exploit kits pose huge risk for unpatched organisations

13 Oct 16

Ransomware exploit kits are making it easier for attackers to target enterprises, because they're so simple to use and can target the never-ending supply of network vulnerabilities, a new blog from Trend Micro says.

18% of known ransomware families are being delivered through exploit kits, including 2013's CryptoLocker, Angler, Magnitude, Neutrino and Rig. With the stakes high, ransomware has already claimed US$209 million in demands, on top of data loss, damage to organisational reputation and legal fines.

Trend Micro says that exploit kits require less user action and target vulnerabilities in popular software. These vulnerabilities can number in the hundreds. Trend Micro and the Zero Day Initiative have already discovered 473 vulnerabilities this year alone.

Trend Micro also says that vulnerabilities will always be present, particularly in organisations that use legacy systems or software. Zero-day vulnerabilities, which are able to escape detection, provide another hurdle for IT and security administrators.

The company believes that network protection is crucial, even if there are not yet security patches for zero-day exploits that have been embedded into kits.

Patch testing and keeping mission-critical systems online make it more difficult for organisations to keep on top of threats perpetrated by exploit kits, the company says.

Patching can take 30 days or more, but is necessary for proper threat protection. Trend Micro states that Intrusion Protection Systems (IPS) are also critical for organisational protection, as they block zero-day and other vulnerabilities, even unpatched ones.

Trend Micro recommends that in addition to IPS, organisations leverage a 'connected' threat defence strategy. The defence should include threat intelligence, security updates, anti-malware protection, anti-spam, firewall protection and mobile protection.
