Most malvertising attacks come from news and entertainment sites
Since news and entertainment websites are amongst the most popular on the net, it's not surprising that they're more likely to play host malicious adverts.
A new report by Bromium Labs reveals that more than half of malvertising is unknowingly hosted on news and entertainment websites. 58 percent of online adverts with hidden malware were delivered through news websites (32 percent) and entertainment websites (26 percent). Major websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.
Other findings from the report include that Flash exploits have increased 60 percent in the past six months. This is due to the rapid growth in availability of active exploit kits many of which now target Flash.
The growth of ransomware families has doubled each year since 2013, with nine new ransomware families emerging in the first six months of this year. Ransomware continues to grow, as cybercriminals realize it is a lucrative form of attack.
Malware is also getting better at evading detection. Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).
"For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes," says Rahul Kashyap, SVP and chief security architect, Bromium. "Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware -- recently ransomware -- preying on the most popular websites and commonly used software".
The full report, Endpoint Exploitation Trends 1H 2015, is available from the Bromium Labs site.