F-Secure: Exploit Kits Could Become Marginalised by 2017


Cybercriminals may be forced to look beyond exploit kits to alternative infection channels in the near future as Flash becomes increasingly marginalized, according to F-Secure’s new Threat Report for 2015.

F-Secure Labs security adviser, Sean Sullivan, wrote in the report that most major exploit kits like Angler and Nuclear rely on taking advantage of vulnerabilities in the ‘lowest hanging fruit’ currently around – Adobe Flash.

By December 2015, Angler EK was listed as the fourth most prevalent threat seen by the Finnish security firm behind the Gamarue trojan, Dorkbot worm and Njw0rm worm.

In the UK in particular, Angler EK, along with Trojan:W97M/MaliciousMacro and Trojan:JS/Redirector, were among the most highly reported threats in 2015.

“Adobe’s Flash is the last ‘best’ plugin still standing for exploit kits to target,” Sullivan argued. “But for how long?”

He predicted that with Amazon and Google switching off Flash ads and the lack of support on iOS and other platforms, it’s only a matter of time before the major browsers force users to whitelist any sites requiring Flash.

But while this will “decapitate” exploit kits as we know them, cybercriminals will likely focus their attention on other channels such as malicious email attachments like macro malware, he claimed.

Another option is .zip files with malicious JavaScript attachments, Sullivan told Infosecurity by email.

“Whatever technique works, it won't need to be as persistent as today if extortion [via ransomware] continues to trend. Get in fast, determine valuable files, and encrypt,” he argued.

“Perhaps it will return to being a race to reverse patches in an attempt to target those who have yet to patch. A smaller window of opportunity, but what does that matter if malware manages to encrypt your files before that? Prevention is critical and it will become more so.”

In the meantime, the same advice should be applied to mitigate the threat of exploit kits: update software as soon as a patch becomes available.
