Ransomware usage grows while app, browser and plug-In vulnerabilities increase, study shows

End-point security company Bromium have released their bi-annual Bromium Labs Threat Report, an analysis conducted by its research team on cyber attacks and threats affecting enterprise security over the last six months.

The findings show that as Microsoft has improved Windows security it seems to be paying off. The good news is while the number of vulnerabilities is steadily increasing, not all exploitable vulnerabilities are actually exploited. The bad news is, criminals are working harder to get protected data. As a result, there’s been an uptick in recent high-profile data breaches and ransomware attacks.

Key findings include:

 Vulnerabilities are on the rise, with 516 reported to the National Vulnerability Database in the first six months of 2016, compared to 403 vulnerabilities reported in all of 2015.

● Despite the spike in vulnerabilities, Bromium researchers found fewer exploitable vulnerabilities in popular software systems, including Adobe PDF (0 exploits), Chrome (0 exploits), Internet Explorer (2 exploits), Firefox (0 exploits), Java (0 exploits), Microsoft Office (2 exploits) and Silverlight (1 exploit) than in previous years. Bromium credits this to software vendors’ growing attention to security.

● The most notable exception for increasing exploits remains Adobe Flash, which had 31 exploits in the first half of 2016—up from eight exploits in all of 2015—a 74 percent increase. While some security vendors block Flash or have dropped support, Flash remains popular among end users and remains one of the top targets for criminals.


Neutrino and Rig are the most used exploit kits. Angler and Nuclear kits were on the list but disappeared in the first week of June. Industry experts believe crackdowns on cybercrime groups caused attackers to switch to Neutrino and Rig to keep malware campaigns going. Bromium researchers note this is likely, referencing a similar case in 2013 when the author of Black Hole (at the time the most used exploit kit) was arrested and attackers pivoted to Angler. Bromium Labs maintains that, despite crackdowns, attackers will continue to switch to other kits to keep attack campaigns running.

 The Bromium analysis confirms there’s a gold rush of ransomware happening now. Since the beginning of 2016, dozens of new ransomware families have been released into the wild. The current market leader is Locky, with 755 tracked instances infecting removable drives and RAM disks.

“As an industry, we’ve always said there’s no one silver bullet to address the complexities of attacks that are affecting our business. However, our latest research shows that enterprises and vendors alike are stepping up to do a better at securing their networks and data,” said Rahul Kashyap, EVP and chief security architect of Bromium. “But there’s still work to be done. Old attack tactics like phishing and watering holes persist, and new attack techniques are always emerging. Automated attacks are consistently bypassing anti-virus solutions; and malware is morphing every new instance in a network to bypass and therefore render AV useless.”


“Over the course of the next year, I expect attackers will continue to leverage social engineering tactics to exploit users. What’s abundantly clear from our report is that the need to implement instant protection, detection and remediation is more critical than ever,” added Kashyap.

The Bromium Labs Threat Report is based on the results of a comprehensive analysis of threats detected through the Bromium Platform, the industry-leading solution that provides complete defense-grade protection against zero-day malware and targeted attacks on the endpoint.

Download the full report at http://bit.ly/TR2016pt1.

Bromium is hosting a webinar featuring Rahul Kashyap discussing the results of the report on September 28th. Register here: http://bit.ly/ThreatWebinar2016

(Infographics: Bromium)