Vulnerabilities in Adobe's Flash Player took second place to Windows flaws last year in a list of the most used avenues of attack by cyber criminals compiled by security firm Recorded Future.
The company said that in the two previous years — 2015 and 2016 — Flash had been the main avenue for exploits in the samples it studied. But Microsoft's Windows surged back to the top last year.
"In 2017, seven of the top 10 vulnerabilities exploited targeted Microsoft products, with the remaining three targeting Flash. This is a steep decline from previous years — Flash accounted for six of the top 10 in 2016, and eight in 2015," it said.
The main findings in the vulnerability study for 2017 were:
- Microsoft products provided seven of the top 10 vulnerability exploits adopted by exploit kits and phishing campaigns.
- For the first time, three vulnerabilities remained on the list from one year to the next. For example, the top exploited vulnerability from 2016, CVE-2016-0189 in Microsoft’s Internet Explorer, remained a popular inroad for criminals. Dark Web conversations highlighted a lack of new and effective browser exploits.
- In 2017, exploit kits saw a 62% decline in development. Only a few exploit kits, including AKBuilder, Disdain, and Terror saw significant activity. Multiple factors, including more specific victim targeting, shifts to more secure browsers, and a rise in cryptocurrency mining malware are likely to have caused the decline.
- Dark Web forums and marketplaces continued to offer high and low-quality exploit kit options, with prices ranging from US$80 per day for services, to US$25,000 for full source-code access. Exploit builders for top-ranked Microsoft Office vulnerability CVE-2017-0199 ranged from US$400 to US$800 in 2017.
{loadposition sam08}"Some of this change is due to evolving criminal use of exploited vulnerabilities," Recorded Future's Scott Donnelly said. "Overall, exploit kits are declining as criminal efforts have adapted.
"This comes as cryptocurrency mining malware popularity rose in the past year. Profiting from cryptocurrency mining has its advantages, including less time spent on collecting victim ransomware payments and the avoidance of rising bitcoin transaction fees."
The most commonly observed vulnerability that came under attack was CVE-2017-0199 which affects many Microsoft Office products and allows attackers to download and execute a Visual Basic script containing Powershell commands from a malicious document.
There were numerous malware that took advantage of this vulnerability: Latentbot, Microsoft Word Intruder, Hancitor, Dridex, FinFisher, Silent Doc Exploit, REMCOS, PoohMilk, Freenki, FreeMilk and Cerber.
The study can be downloaded here after registration.