
Hiding in Plain Sight: Spotting Botnet Activity in the UDP Channel with EnCase Analytics

Alfred Chung

In its 2014 Application Usage and Threat Report, Palo Alto Networks shared its finding that hackers are using old-school exploit techniques in new ways and in new places. Its research found that common network applications and protocols such as FTP, RDP, SSL, NetBIOS, and UDP are being used as gateways or pivot points to communicate directly with endpoints for the purpose of data exfiltration.

The company’s analysis showed that nearly all threat activity was visible in only a small number of applications, and that “nearly 99 percent of all malware logs were generated by a single threat across a single application: unknown UDP.” UDP has become the command-and-control channel of choice for botnets because it lets them “hide in plain sight,” with the ZeroAccess botnet generating the heaviest amount of malware activity.
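The practical corollary of that finding is that a defender who cannot classify a UDP flow should at least count it: a single endpoint that accounts for many "unknown UDP" sessions, spread across many distinct peers, is worth a second look. The script below is an added example written for this post; it is not EnCase Analytics code and not Palo Alto Networks code. The log lines are constructed, the five-column CSV layout and the `unknown-udp` application label are assumptions standing in for whatever a real firewall exports, and the thresholds are values chosen for the sample rather than vendor defaults.

```python
"""Flag endpoints with a disproportionate share of 'unknown UDP' sessions.

Added illustration for the post above; not EnCase Analytics or Palo Alto
Networks code. Log format, application label and thresholds are assumptions.
"""
import csv
import io
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample traffic log: timestamp, source, destination, dest port, app.
# Real exports carry many more columns; only the ones the heuristic needs are kept.
# Host 10.1.1.20 fans out to five distinct peers on an arbitrary high port;
# the other two hosts look like ordinary workstations.
SAMPLE_LOG = """\
2014-06-02T10:00:01,10.1.1.20,8.8.8.8,53,dns
2014-06-02T10:00:02,10.1.1.20,203.0.113.7,40123,unknown-udp
2014-06-02T10:00:04,10.1.1.20,198.51.100.9,40123,unknown-udp
2014-06-02T10:00:05,10.1.1.20,192.0.2.33,40123,unknown-udp
2014-06-02T10:00:07,10.1.1.20,203.0.113.8,40123,unknown-udp
2014-06-02T10:00:09,10.1.1.20,198.51.100.10,40123,unknown-udp
2014-06-02T10:00:10,10.1.1.21,8.8.8.8,53,dns
2014-06-02T10:00:11,10.1.1.21,10.1.1.1,137,netbios-ns
2014-06-02T10:00:12,10.1.1.21,203.0.113.50,4500,unknown-udp
2014-06-02T10:00:13,10.1.1.22,8.8.8.8,53,dns
2014-06-02T10:00:14,10.1.1.22,10.1.1.1,123,ntp
"""


class Session(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    app: str


class HostStats(NamedTuple):
    unknown_udp: int   # sessions the firewall could not classify beyond "UDP"
    total: int         # all sessions originated by the host
    distinct_dsts: int # distinct peers reached by the unknown-udp sessions


def parse_log(text: str) -> List[Session]:
    """Parse the constructed CSV layout; malformed lines are skipped, not fatal."""
    sessions = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        ts, src, dst, dport, app = row
        sessions.append(Session(ts, src, dst, int(dport), app))
    return sessions


def summarize(sessions: List[Session]) -> Dict[str, HostStats]:
    """Per source host: unknown-udp count, total count, and unknown-udp peer fan-out."""
    unknown = defaultdict(int)
    total = defaultdict(int)
    peers = defaultdict(set)
    for s in sessions:
        total[s.src] += 1
        if s.app == "unknown-udp":
            unknown[s.src] += 1
            peers[s.src].add(s.dst)
    return {src: HostStats(unknown[src], total[src], len(peers[src])) for src in total}


def flag_hosts(stats: Dict[str, HostStats], min_sessions: int = 3,
               min_distinct: int = 3, min_ratio: float = 0.5) -> Dict[str, List[str]]:
    """Return hosts whose unknown-udp volume or fan-out crosses the assumed thresholds.

    A single stray unknown-udp session (host 10.1.1.21 in the sample) stays
    below both tests, so the output is the shortlist an analyst triages, not
    every host that ever sent an unclassified datagram.
    """
    flagged: Dict[str, List[str]] = {}
    for src, st in sorted(stats.items()):
        reasons = []
        if st.unknown_udp >= min_sessions and st.distinct_dsts >= min_distinct:
            reasons.append(f"{st.unknown_udp} unknown-udp sessions to "
                           f"{st.distinct_dsts} distinct peers")
        if st.unknown_udp >= min_sessions and st.unknown_udp / st.total >= min_ratio:
            reasons.append(f"unknown-udp is {st.unknown_udp / st.total:.0%} "
                           f"of this host's sessions")
        if reasons:
            flagged[src] = reasons
    return flagged


if __name__ == "__main__":
    for host, why in flag_hosts(summarize(parse_log(SAMPLE_LOG))).items():
        print(host, "->", "; ".join(why))
```

Run against the constructed sample, only `10.1.1.20` is reported, on both the fan-out and the ratio test. The two tests are deliberately independent: the fan-out test catches a host that talks to many peers it has no business knowing, which is the pattern a peer-to-peer botnet such as ZeroAccess produces, while the ratio test catches a quiet host whose traffic is mostly unclassified even if it only reaches a few peers. Tune the thresholds on a baseline of your own traffic before trusting the shortlist.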