Top vulnerabilities shift focus from Adobe to Microsoft
A new report from threat intelligence specialist Recorded Future looks at the changing way in which attackers are using vulnerabilities.
In contrast to previous years, most of the criminal exploit kits and phishing campaigns seen in 2017 have favored Microsoft products, rather than the Adobe Flash vulnerabilities which previous research showed as being the most popular.
Overall 2017 has seen a 62 percent decline in exploit kit development, with only a few exploit kits including AKBuilder, Disdain, and Terror showing significant activity. Dark web forums and marketplaces though continue to offer both high and low-quality exploit kit options, with prices ranging from $80 per day for services, up to $25,000 for full source-code access.
Seven of the top 10 vulnerabilities now target Microsoft products: Windows, Office, Edge and Internet Explorer, while the remaining three target Adobe Flash Player. The report notes that the widespread adoption of browsers, such as Chrome, with a default 'click to play' setting have limited the impact of many Adobe Flash Player vulnerabilities used by criminals.