Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cisco: Blackhole arrest cuts exploit-kit traffic, but don't let your guard down

Stephen Lawson | Aug. 6, 2014
Exploit kits of cybercrime tools fell into a big slump in the first half of this year after Russian authorities nabbed the alleged creator of the popular Blackhole kit, but users aren't necessarily safer.

Between 5 percent and 10 percent of all enterprise Web traffic involves so-called malvertising, judging by results from Cisco's CWS (Cloud Web Security) service. CWS analyzes all Web requests from customers around the world who want their traffic monitored for security reasons. CWS looked at 2 billion to 3 billion Web requests, Gundert said.

"This stuff is just rampant," he said. Purveyors of malicious ads buy their way onto legitimate sites through the same exchanges that distribute ordinary ads, paying to have their spots appear every few times the page is shown to a user, Gundert said. The exchanges try to prevent this, but it's hard because there's nothing malicious about the ads themselves, just the URLs that they send visitors to.

"What the evidence shows to date is, they have not been very successful in doing that," he said.

When hackers look for ways to attack, they usually go after Java, especially older versions of the architecture. Of all the indicators that computers had been compromised in the first half of the year, 93 percent pointed to a Java vulnerability, Cisco found. That was up from 91 percent in the previous six months.

Java is the target of choice because so many consumers and businesses use it, especially in browsers, and most don't update it when they need to, Gundert said. Those who do will get redirected to malicious sites just like anyone else, but their systems won't be compromised.

While updating Java is easy for consumers as long as they notice alerts of new versions, it can be more complicated for enterprises, Gundert said. They may have built complex and critical applications based on Java and can't quickly modify that code to run on the new version. It may take six months just to draft a migration plan, while more Java updates in response to new threats are likely to come in the meantime, he said. To help mitigate the dangers, Gundert advised enterprises to closely watch the Web traffic exiting their networks for evidence of exploitation.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.