Gone are the days when malware had a single approach and purpose.
A new report from Cisco sheds light on some of the ways malware authors have used vulnerabilities, such as the recent Flash zero-day exploits, to great effect.
One that is particularly noteworthy is the Angler exploit kit. It combines Flash, Java, Internet Explorer and Silverlight exploits, and its features include “fileless infection” (loading its payload directly into memory rather than writing it to disk), detection of virtual machines and security products, and the ability to switch between payloads including trojans, rootkits and ransomware.
According to Cisco, Angler “excels at attempting to evade detection by employing domain shadowing as one of its techniques,” whereby attackers use stolen domain-registrant credentials to create subdomains under legitimate, long-established domains and serve the exploit kit from those subdomains.
This kind of adaptive, almost “aware” tooling looks like the threat of tomorrow, and Angler is not alone: the report also describes Dridex, an email-borne “mutating campaign” that changes its content, attachments and other characteristics to evade detection.
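Domain shadowing leaves a recognisable pattern in DNS telemetry: a burst of newly created, often random-looking subdomains appearing under a domain that has been registered for years, resolving to infrastructure the domain's own apex and www records never used. The following is an added example of how an analyst might score passive-DNS records for that pattern. It is not Cisco's code or part of the report; the records are constructed for the example, and the thresholds and the naive two-label registered-domain extraction are assumptions.

```python
"""Heuristic scoring of passive-DNS records for domain-shadowing subdomains.

Added example, not Cisco's code. Thresholds below are assumptions, not
values taken from the Cisco report.
"""
import math
from collections import defaultdict
from datetime import date, timedelta

# Constructed passive-DNS style records: (first_seen, fqdn, resolved IPv4).
# All names and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_RECORDS = [
    ("2013-02-10", "example-bakery.com", "203.0.113.10"),
    ("2013-02-10", "www.example-bakery.com", "203.0.113.10"),
    ("2015-06-01", "mail.example-bakery.com", "203.0.113.11"),
    ("2015-06-29", "x7q2kd.example-bakery.com", "198.51.100.77"),
    ("2015-06-29", "pl0mz93f.example-bakery.com", "198.51.100.77"),
    ("2015-06-30", "rfa8vv2.example-bakery.com", "198.51.100.78"),
    ("2012-05-14", "hobby-forum.net", "203.0.113.50"),
    ("2015-06-28", "blog.hobby-forum.net", "203.0.113.50"),
]

# Assumed tuning knobs.
MIN_APEX_AGE_DAYS = 365   # registrant has held the domain a long time
BURST_WINDOW_DAYS = 7     # several new subdomains appearing close together
BURST_MIN_COUNT = 3
MIN_SCORE = 3             # number of signals needed before flagging


def registered_domain(fqdn):
    """Last two labels as the registrable domain. Assumption: no public-suffix
    list is consulted, so multi-label suffixes such as co.uk are not handled."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def looks_random(label):
    """Cheap 'machine-generated label' test: letters mixed with digits, or
    high per-character Shannon entropy."""
    has_digit = any(c.isdigit() for c in label)
    has_alpha = any(c.isalpha() for c in label)
    counts = defaultdict(int)
    for c in label:
        counts[c] += 1
    n = len(label)
    entropy = -sum((k / n) * math.log2(k / n) for k in counts.values()) if n else 0.0
    return (has_digit and has_alpha) or entropy >= 3.0


def slash24(ip):
    """Coarse 'same hosting network' key for IPv4 addresses."""
    return ".".join(ip.split(".")[:3])


def find_shadowed_subdomains(records):
    """Return {fqdn: [signals]} for subdomains scoring at least MIN_SCORE."""
    parsed = [(date.fromisoformat(d), fqdn.lower(), ip) for d, fqdn, ip in records]

    apex_first_seen = {}                 # apex domain -> earliest first_seen
    apex_nets = defaultdict(set)         # apex domain -> /24s of its own records
    sub_dates = defaultdict(list)        # apex domain -> first_seen of subdomains
    for seen, fqdn, ip in parsed:
        apex = registered_domain(fqdn)
        if fqdn == apex:
            apex_first_seen[apex] = min(seen, apex_first_seen.get(apex, seen))
            apex_nets[apex].add(slash24(ip))
        else:
            sub_dates[apex].append(seen)

    flagged = {}
    for seen, fqdn, ip in parsed:
        apex = registered_domain(fqdn)
        if fqdn == apex or apex not in apex_first_seen:
            continue
        signals = []
        if (seen - apex_first_seen[apex]).days >= MIN_APEX_AGE_DAYS:
            signals.append("old_apex")
        burst = sum(1 for d in sub_dates[apex]
                    if abs((d - seen).days) <= BURST_WINDOW_DAYS)
        if burst >= BURST_MIN_COUNT:
            signals.append("burst_of_new_subdomains")
        if looks_random(fqdn.split(".")[0]):
            signals.append("random_looking_label")
        if slash24(ip) not in apex_nets[apex]:
            signals.append("hosted_off_apex_network")
        if len(signals) >= MIN_SCORE:
            flagged[fqdn] = signals
    return flagged


if __name__ == "__main__":
    for name, why in sorted(find_shadowed_subdomains(SAMPLE_RECORDS).items()):
        print(f"{name}: {', '.join(why)}")
```

On the constructed records the three random-looking subdomains created within two days and hosted on a different network are flagged on all four signals, while the legitimate `mail` and `blog` hosts (one signal at most) are not. Each signal alone is noisy; a new CDN host or a mail migration would trip one of them, which is why the example requires several to coincide.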
“The Angler Exploit Kit represents the types of common threats that will challenge organizations as the digital economy and the Internet of Everything create new attack vectors and monetization opportunities for adversaries,” the 2015 Midyear Security Report said.
To limit the damage, Cisco emphasized that time to detection must be cut dramatically, from the hundreds of days that are typical today down to hours.
“The innovation race between adversaries and security vendors is accelerating,” the report said.