Recent research by Palo Alto Networks Unit 42 Email Link Analysis (ELINK) has revealed that between April and June 2018, the US remained the number one host of malicious domains, while Australia has moved to number four on the list, putting it well ahead of both Russia and China in terms of bad sites. The vulnerabilities that businesses continue to face provide a timely reminder of the crucial importance of upgrading and patching systems, according to Palo Alto Networks.
Vicky Ray, principal researcher – Unit 42, Palo Alto Networks, said, “The ELINK research revealed that most countries have seen a decline in the number of malicious domains they host, apart from the Netherlands, which has seen a significant increase, and Australia, which has seen a slight increase. Interestingly, China fell from number two on the list to join Russia at number seven due to a massive decrease in the number of malicious domains being hosted.
“The US hosted more than double the number of exploit kits compared to the number two country, Russia, and accounted for more exploit kits globally than all other countries combined.”
This quarter, the research found that the vulnerabilities under attack remained consistent, including very old vulnerabilities. One new vulnerability, used in zero-day attacks, did rocket to near the top of the list; this was a Microsoft VBScript vulnerability that was patched in May but has been aggressively used in web-based attacks this quarter.
Vicky Ray said, “These findings reinforce the importance of updating software, especially Microsoft Windows, and Adobe Flash and Reader. Too many organisations are failing to take this most basic security precaution and could pay the price. We saw one very old vulnerability, which we’ve known about for almost a decade, move to number four on the list of vulnerabilities exploited this quarter. Another, similarly ancient vulnerability cracked the top five this quarter, indicating that companies aren’t being vigilant when it comes to updates and patches. Failing to patch for these known vulnerabilities can leave companies open to attacks.”
The research revealed that Australia was number six on the list of countries hosting exploit kits. Interestingly, an exploit kit that has been highly prevalent in the APAC region, KaiXin, was not detected at all in Australia. Instead, Australia saw many instances of Grandsoft, Sundown, and Rig, which are also prevalent in the US, Russia, and the Netherlands.
Vicky Ray said, “Businesses need to move away from older, legacy systems. Many smaller businesses still run Internet Explorer 7, for example, opening them up to significant vulnerabilities. Upgrading is essential not just to access new features and an improved user experience but to protect networks from security vulnerabilities.
“Furthermore, an overlooked security measure is to limit user privileges. Many attacks involve lateral movement within a target network after a successful exploitation of a vulnerability. If technology, policies and processes are implemented in a manner to provide access to limit user privileges, successful breaches can be reduced significantly. Basic security measures go a long way toward protecting businesses even if they don’t have the resources to implement state-of-the-art antimalware and antivirus tools.”