Microsoft’s product vulnerabilities are hackers’ favorite targets
Recorded Future’s latest cyber attacks and exploit-related reports show interesting facts. The company aims to organize and analyze known and unknown threat data in advanced ways for faster and enhanced security.
According to the company, most flaws that cybercriminals have been using during the course of 2017 in their exploit kits and phishing attacks were found in products made by Microsoft. Recorded Future also reported that some of these vulnerabilities were a few years old.
What’s new in the 2017 reports
The security vendor analyzed thousands of deep forum postings, code repositories, and dark web onion sites back in 2016 and with their latest 2017 report, they continued the work in order to find more known software vulnerabilities.
In the 2015 and 2016 reports, the company found that Adobe Flash had the highest rankings, and now Microsoft seems to be the leader with 7 out of ten top flaws.
Recorded Future explains that:
[…] analysis identified a shift in preference from Adobe to Microsoft consumer product exploits. This is in stark contrast to our previous rankings. Analysis of these sources from January 1, 2017, to December 31, 2017, shows that Adobe is still somewhat popular among cybercriminals but quickly declining.
Some of this change is due to evolving criminal use of exploited vulnerabilities. Overall, exploit kits are declining as criminal efforts have adapted — cryptocurrency mining malware popularity has risen in the past year, for example.
Most common flaws found in Microsoft’s products
One of the vulnerabilities that were mostly observed in 2017 was CVE-2017-0199, and it was lurking in a few Microsoft Office products.
This allowed hackers to download then execute a Visual Basic script that included Powershell commands from malicious files. This flaw was found in various phishing attacks and exploit builders for this vulnerability were spotted on the dark web being sold for about $400 to $800.
Another significant and frequent vulnerability was CVE-2016-0189 which was listed in the ranking from 2016. The flaw was related to Internet Explorer and offers an easy way for exploit kits used in 2017.
There’s a stringent need to patch all known vulnerabilities
The data released in Recorded Future’s reports should remind everyone the strong need to patch all known issues and flaws. Their reports have also shown a drop in exploit kit activity which stemmed from the decline in Flash Player usage. Users have shifted to more secure browsers, but cybercriminals, as well.
Advice for increased security
Recorded Future advises users to follow a few essential steps in order to enhance security:
- Choose Google Chrome as the primary browser
- Enhance user training
- Backup your system as frequently as possible
- Use ad blockers
- Remove affected software
- Be aware of social media that uses Flash and exposes users to cyber risks.
We highly recommend CyberGhost, a leading VPN provider. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access to your computer.
- Get now CyberGhost for enhanced internet security
You can learn more about the complete set of known flaws on Recorded Future’s 2017 Vulnerability Report.
RELATED STORIES TO CHECK OUT:
- PowerPoint exploit makes Windows vulnerable to cyber attacks
- Microsoft reported 587 vulnerabilities in its software in 2017
- Hotspot Shield VPN fixes vulnerability that reveals user information
After recent bad news stories about updates released by Microsoft for Windows 10, that you can read here and here, it is refreshing to read (or […]
Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]