Are Malware Writers Getting Smarter?

The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.

Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.

This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent.

Of the top 10 most common vulnerabilities noted by Fortinet, two were rated as 'critical', the highest threat level, seven were rated as 'high', and one as 'medium'. The vast majority of the vulnerabilities target holes in desktop software rather than on servers or other types of equipment.

The deeper question is why the rise is happening, given that some of the exploits involve tricky, time-consuming programming on the part of the malware writers. Could it be that better patching frequency has driven malware writers to exploit a wider variety of vulnerabilities in the hope of finding a successful one?

Fortinet's threat response team head, Guillaume Lovet, thinks not.

"I have a feeling it is more to do with a shift in strategy," he said. "It is more a consequence of the behaviour of people." According to Lovet, more influential was that old-style malware distribution had failed because ordinary users were now far less likely to click on attachments and links embedded in emails than they would have been in the past.

The key advantage for malware writers was that exploits required little and in some cases no user interaction. "With exploits you don't need users to click on links."

This interpretation suggests a bleak outlook for PC protection. Greater numbers of vulnerabilities are being exploited over time, something that patching can't keep up with because it takes time to patch the world's population of Windows machines, and that leaves an opportunity window. The only solution is better-written software but that will take precious time.
