SOURCE: Bromium


January 14, 2016 12:00 ET

Bromium 2015 Threat Report Highlights Vulnerabilities and Exploits for Popular Applications

Flash Exploits Tripled and Ransomware Doubled; More Than a Quarter of Alexa 1000 Websites Served Malicious Ads

CUPERTINO, CA--(Marketwired - Jan 14, 2016) - Bromium®, Inc., the pioneer of threat isolation to prevent data breaches, today announced the publication of "Endpoint Exploitation Trends 2015," a Bromium Labs research report that analyzes the ongoing security risk of popular websites and software. The report highlights that software vulnerabilities and exploits in popular applications spiked in 2015 with vulnerabilities increasing nearly 60 percent and Flash exploits increasing 200 percent. The report also highlights common attack trends, including the resurgence of macro malware, the continuous growth of ransomware and the ubiquitous presence of malvertising.

"Attackers focus on high-value targets with the path of least resistance, which means that attack vectors may shift as previously vulnerable software implements new security to mitigate attacks," said Rahul Kashyap, EVP, Chief Security Architect. "We have seen Microsoft take great steps to improve the security of Internet Explorer and Windows, which has forced attackers to focus on Flash exploits, malvertising and macro malware delivered through phishing emails."

Key findings from "Endpoint Exploitation Trends 2015" include:

  • Vulnerabilities and Exploits Spiked in 2015 -- Vulnerabilities and exploits targeting popular software, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Adobe Flash, Oracle Java and Microsoft Office spiked in 2015. Vulnerabilities increased nearly 60 percent (from 733 in 2014 to 1,167 in 2015) and exploits increased nearly 40 percent (from 10 in 2014 to 14 in 2015). Adobe Flash exploits increased 200 percent (from four exploits in 2014 to 12 exploits in 2015).
  • Malvertising is Ubiquitous -- Bromium threat sensors identified malicious advertising (malvertising) attacks on 27 percent of the Alexa 1000.
  • Macro Malware Makes a Resurgence -- Macro malware masquerades as a legitimate Microsoft Office document with a seemingly legitimate macro that obfuscates the attack. Social engineering techniques, such as naming the file "Invoice Details," entice users to open the file, enabling the attack to succeed. The malicious code itself is hidden in large repositories of visual basic, making it difficult for behavioral analysis and antivirus scanners to detect it.
  • Angler Exploit Kit Most Popular -- Exploits kits are still the choice of attackers for launching malware. In 2015, exploits kits led by Angler EK, were up to date with the latest vulnerabilities and continue to innovate techniques to bypass network defenses. 
  • Ransomware Doubled in 2015 -- Ransomware has become one of the most common attack trends since 2013, increasing the number of ransomware families 600 percent (from two in 2013 to 12 in 2015). Ransomware families continue to innovate their distributions, with Cryptowall 4.0 adding encrypted file names and Cryptolocker Service leasing its malware as a service.

Download "Endpoint Exploitation Trends 2015" -

About Bromium, Inc.
Bromium is re-inventing enterprise security with its powerful new technology, micro-virtualization, which was designed to protect businesses from advanced malware by design, while simultaneously empowering users and delivering real-time threat intelligence to IT. Unlike traditional security methods, which rely on complex and ineffective detection techniques, Bromium protects against malware from the Web, email or USB devices, by automatically isolating each user-task at the endpoint in a hardware-isolated micro-VM, preventing theft or damage to any enterprise resource. Bromium's technological innovations have earned the company numerous industry awards. Bromium counts a rapidly growing set of Fortune 500 companies and government agencies as customers.

Visit Bromium:
Read the Bromium blog:
Follow Bromium on Twitter:
Follow Bromium on LinkedIn:

Contact Information