SOURCE: Invincea


August 12, 2015 09:00 ET

Invincea Research Details Latest Endpoint Threats Including the Billion Dollar Malvertising Problem

Network Sandbox-Evading Malware Assembly, Weaponized Office Files, and Common Spear-Phishing Tactics in Anthem and White House Breaches Reveal Severe Endpoint Risks

FAIRFAX, VA--(Marketwired - Aug 12, 2015) - Invincea, Inc., the leader in advanced endpoint threat protection, today announced the release of its 1H 2015 Advanced Endpoint Threat Report, highlighting the most severe threats Invincea has observed consistently defeating security technologies in the first six months of 2015. Invincea detected and blocked malvertising attacks representing 2.1 million malicious advertisements, which on an annualized basis are estimated to cause more than $1 billion of damage. With two million users running Invincea Advanced Endpoint Protection globally, Invincea has a uniquely broad view into the latest attack techniques that have evaded other network and endpoint defenses, such as just-in-time (JIT), on-host malware assembly.

"Our latest research shows the relentless innovation of threat actors' techniques that in turn highlights the inadequacy of most organizations' network defenses. This is consistently leading to intellectual property loss, costly remediation, loss of employee productivity, and reputational harm," said Invincea Founder and CEO Anup Ghosh. "The endpoint is today the pivotal battleground in security, as both traditional anti-virus and newer network security controls are blind to now common attack techniques used in pervasive cyber-crime, industrial espionage, and nation-state campaigns."

Online attacks against employees and other end users remain the most effective way to compromise an organization, due to the consistent success of spear-phishing campaigns and malvertising, and the relative ease of compromising web servers to distribute malware. Invincea's 1H 2015 Advanced Endpoint Threat Report highlights that these now common threats are consistently defeating layered security measures such as network sandboxes, next-generation firewalls, Web URL filters and proxies, and traditional anti-virus solutions.

Key trends identified in today's report include:

The billion dollar malvertising problem: Invincea detected and blocked approximately 2,100 malvertising attacks against customers, representing 2.1 million malicious advertisements. Invincea estimates this caused $525 million of damage in repair and recovery expense, excluding the impact of any data breaches. On an annualized basis, the malvertising campaigns Invincea observed generate more than $1 billion in damage per year. Malvertising was observed affecting visitors of major Web sites including, The Weather Channel, eBay UK, Zillow, and many more.

The rapid emergence of just-in-time (JIT) malware assembly: This novel attack method builds malware executables on targeted machines, using native Windows utilities from those machines to assemble their malicious payloads. By creating malware from seemingly benign components directly on target endpoints, JIT assembly bypasses network sandbox defenses that look for complete executables in network traffic. Network defenses are largely blind to JIT malware because there is no single payload reaching end users that looks or acts malicious -- only fragments of innocent looking code.

Advancement of weaponized Microsoft Office documents: Word, Excel and PowerPoint vulnerabilities were exploited by multiple criminal gangs via weaponized documents sent in spear-phishing emails during the first half of 2015. Adding a new twist to malware delivery via e-mail attachments, adversaries are using Visual Basic scripts available on Pastebin and elsewhere to flexibly adapt weaponized documents to distribute botnet, banking Trojan and click-fraud malware. Reflecting a "plug and play" level of exploit commercialization, multiple threat actors were observed delivering Dridex, Dyreza, Pony, Zeus and Zbot malware families through this vector.

White House and Anthem breaches: Advanced adversaries with common approaches: Recent spear-phishing initiated attacks against the White House and health insurer Anthem shared key common attributes. In each case, employees were lured into clicking on malicious content that enabled the threat actors to gain a crucial beach-head on the targeted networks. Once the malicious attachments were opened, Trojan backdoors were silently installed on the endpoints. These incidents prove that highly security-aware users are still fallible, and that even advanced adversaries do not necessarily use zero-day exploits when a far simpler approach -- spear-phishing with known exploits -- can be just as effective.

Invincea's analysis shows that not only were the Anthem and White House attack vectors nearly identical, but the malware employed in each attack was also similar, although customized to avoid detection by traditional security tools. This raises the question of whether two different advanced threat actors used largely off-the-shelf malware.

The full report can be downloaded at

Unlike security tools that rely on signatures, whitelists, or retrospective analysis of accumulated data, Invincea Advanced Endpoint Protection isolates endpoint attacks in a secure virtual container and also identifies existing compromises using cloud-based analytics and machine learning. The two million endpoints running Invincea worldwide provide Invincea researchers an invaluable vantage point for studying attacks that pierce other layered defenses and reach the endpoint, where they typically defeat conventional host-based defenses.

Follow Invincea:
Invincea Blog:
Twitter: @Invincea

About Invincea, Inc.
Invincea is the leader in advanced endpoint threat protection for enterprises worldwide. The company provides the most comprehensive solution to contain, identify, and control the advanced attacks that evade legacy security controls. Invincea protects enterprises against targeted threats including spear-phishing and Web drive-by attacks that exploit Java, Flash, and other applications. Combining the visibility and control of an endpoint solution with the intelligence of cloud analysis, Invincea provides the only market-deployed solution that defends against 0-day exploits, file-less malware, and previously unknown malware. The company is venture capital-backed and based in Fairfax, VA. For more information, visit

Contact Information