Bromium Research Highlights Increased Internet Browser Vulnerabilities
“Endpoint Exploitation Trends” Reveals Internet Explorer Vulnerabilities Surpassing JAVA in 2014; Action Script Spray Exploit Leads Internet Explorer and Flash Zero-day
CUPERTINO, Calif. – July 23, 2014 – Bromium®, Inc., the pioneer of a new model of endpoint security using micro-virtualization, today announced the publication of “Endpoint Exploitation Trends H1 2014,” a Bromium Labs analysis of public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing JAVA and Flash vulnerabilities. The report also dissects the anatomy of emerging zero-day attacks, including Action Script Spray and Adobe Reader Sandbox Escape.
Highlights from “Endpoint Exploitation Trends H1 2014” include:
- Hackers increasingly target Microsoft Internet Explorer – Analysis indicates that Microsoft Internet Explorer vulnerabilities have increased more than 100 percent since 2013, a trend underscored by a progressively shorter time to first patch for its past two releases.
- Public JAVA zero-days decline – In 2013, JAVA led among vulnerabilities and public exploits, but this trend has reversed in 2014. In fact, in the first six months of 2014, there has not been a single public JAVA exploit.
- Action Script Spray drives zero-day attacks – Both Internet Explorer and Flash zero-day attacks have leveraged Action Script Sprays, an emerging technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.
“End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect, Bromium. “Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”
Read the Bromium Labs blog about “Endpoint Exploitation Trends H1 2014” at http://labs.bromium.com/2014/07/23/h1-2014-endpoint-exploitation-trends/
Read the Bromium Labs report “Endpoint Exploitation Trends H1 2014” at http://www.bromium.com/sites/default/files/bromium-h1-2014-threat_report.pdf
About Bromium, Inc.
Bromium is re-inventing enterprise security with its powerful new technology, micro-virtualization, which was designed to protect businesses from advanced malware, while simultaneously empowering users and delivering unmatched threat intelligence to IT. Unlike traditional security methods, which rely on complex and ineffective detection techniques, Bromium protects against malware from the Web, email or USB devices, by automatically isolating each user-task at the endpoint in a hardware-isolated micro-VM, preventing theft or damage to any enterprise resource. Bromium’s technological innovations have earned the company numerous industry awards including being named as a CNBC Disruptor and a Gartner Cool Vendor for 2013. Bromium counts a rapidly growing set of Fortune 500 companies and government agencies as customers, including NYSE and BlackRock.
# # #