According to a new report by endpoint security specialist Invincea malvertising is causing more than $1 billion (£640 million) worth of damage each year.
Based on data gathered in the first six months of this year, the company detected and blocked approximately 2,100 malvertising attacks against its customers, representing 2.1 million malicious advertisements. Invincea estimates this caused $525 million (£336 million) of damage in repair and recovery expense, excluding the impact of any data breaches.
Other trends identified include the emergence of just-in-time (JIT) malware assembly. This technique builds malware executables on targeted machines, using native Windows utilities from those machines to assemble their malicious payloads. JIT malware is able to bypas filters and sandboxes that look for complete malicious executables in network traffic.
Microsoft Office files are also being used by multiple criminal gangs via weaponised documents sent in spear-phishing emails. Adding a new twist to malware delivery via e-mail attachments, adversaries are using Visual Basic scripts available on Pastebin and elsewhere to flexibly adapt weaponized documents to distribute malware payloads.
It also highlights that recent spear-phishing initiated attacks against the White House and health insurer Anthem shared key common attributes. In each case, employees were lured into clicking on malicious content that enabled the threat actors to gain a crucial foothold on the targeted networks. The malware employed in each attack was also similar, although customised to avoid detection by traditional security tools.
"Our latest research shows the relentless innovation of threat actors' techniques that in turn highlights the inadequacy of most organisations' network defenses. This is consistently leading to intellectual property loss, costly remediation, loss of employee productivity, and reputational harm," says Invincea Founder and CEO Anup Ghosh.
"The endpoint is today the pivotal battleground in security, as both traditional anti-virus and newer network security controls are blind to now common attack techniques used in pervasive cyber-crime, industrial espionage, and nation-state campaigns".
More details are available in the full report which can be downloaded from the Invincea website.