Security vulnerabilities in Microsoft software have become an even more popular means of attack for cybercriminals - but an Adobe Flash vulnerability still ranks as the second most exploited by hacking groups.
Analysis by researchers at Recorded Future of exploit kits, phishing attacks, and malware developed during 2018 found that flaws in Microsoft products were the most consistently targeted during the year, accounting for eight of the top ten vulnerabilities. That is up from seven the previous year. Patches are available for all the flaws on the list - but not all users update their applications, leaving them vulnerable.
Microsoft is the most common target, probably because its software is so widely used. The top vulnerability on the list is CVE-2018-8174. Nicknamed Double Kill, it is a remote code execution flaw in Windows VBScript that can be exploited through Internet Explorer.
Double Kill was included in four of the most powerful exploit kits available to hackers - RIG, Fallout, KaiXin and Magnitude - and helped deliver some of the best-known forms of trojan malware and ransomware to unsuspecting victims.
But the second most commonly observed vulnerability during the year was one of only two that did not target Microsoft software: CVE-2018-4878 is an Adobe Flash zero-day that was first identified in February.
An emergency patch was released within a few hours, but a large number of users did not apply it, leaving their systems open to attack. CVE-2018-4878 has since been included in many exploit kits, most notably the Fallout Exploit Kit used to deliver the GandCrab ransomware - the ransomware remains prolific to this day.
Adobe flaws have been the vulnerabilities most commonly used by attackers, but they seem to be moving away from them as we approach 2020.
Third on the list of most commonly exploited vulnerabilities is CVE-2017-11882. It was unveiled in December of 2016 and is a security vulnerability in Microsoft Office that allows arbitrary code to run when a maliciously modified file is opened, putting users' computers at risk of malware. CVE-2017-11882 has been associated with several malicious campaigns, such as the QuasarRAT trojan, the prolific Andromeda botnet and much more.
Very few vulnerabilities remain in the top ten from year to year. CVE-2017-0199 - a Microsoft Office vulnerability that can be exploited to take control of an affected system - was the one most commonly used by cybercriminals in 2017, but it fell to fifth place in 2018.
CVE-2016-0189 was the top-ranked vulnerability of 2016 and the second-ranked of 2017, and it still ranks among the most frequently exploited. The Internet Explorer zero-day is still going strong almost three years after it first appeared, indicating that there is a real problem with users not applying updates to their browsers.
Applying the appropriate patches to operating systems and applications can go a long way toward protecting organizations from some of the most common cyber attacks.
"The biggest difference is the importance of knowing the vulnerabilities sold in underground and dark online forums," Kathleen Kuczma, sales engineer at Recorded Future, told ZDNet.
"Although the ideal situation would be to repair everything, having an accurate picture of vulnerabilities affecting the most critical systems of a company, in combination with which vulnerabilities are actively exploited or developed, allows vulnerability management teams to prioritize the most important parts to fix, ”she added.
The only non-Microsoft vulnerability on the list, besides the Adobe one, is CVE-2015-1805: a Linux kernel vulnerability that is often used to attack Android smartphones with malware.
The ten most exploited vulnerabilities, according to Recorded Future's annual vulnerability report, are:
- CVE-2018-8174 - Microsoft
- CVE-2018-4878 - Adobe
- CVE-2017-11882 - Microsoft
- CVE-2017-8750 - Microsoft
- CVE-2017-0199 - Microsoft
- CVE-2016-0189 - Microsoft
- CVE-2017-8570 - Microsoft
- CVE-2018-8373 - Microsoft
- CVE-2012-0158 - Microsoft
- CVE-2015-1805 - Google Android