Non-Microsoft exploits on the rise as hackers turn to servers
A new report from AlienVault, based on findings from vendors' threat reports in its Open Threat Exchange (OTX) platform, reveals more non-Microsoft exploits are in the top 10 list this year.
This is largely due to a rise in server attacks, particularly by cryptocurrency-mining botnets that use remote exploits, such as those targeting Drupal. The report also sees an IoT exploit make the list for the first time.
On a positive note, the OTX Trends Report shows an encouraging uptick in information sharing across the InfoSec industry, including a lot of independent research sharing on Twitter. OTX itself now has more than 100,000 participants.
According to the report, "As more companies and researchers look at ways to share threat data, we see more usable and useful information flow into OTX. This openness and collaboration has resulted not only in organisations being able to defend themselves better -- but increasing circles of trust within the industry where actual threat intelligence is being shared more openly. A trend that we have seen grow over the years."
The sharing of information improves threat intelligence and makes it easier for defenders to spot threats that may have been re-purposed.
The report also ranks the adversaries most recorded in vendor reports. The North Korean 'Lazarus Group' comes top of the list, followed by the Russian group 'Sofacy' and the Iranian 'Muddy Water'. However, Lazarus likely consists of a few different sub-groups of attackers that share the same code-base and are often reported under the same name, so its influence could be over-reported.
You can find out more about the report and OTX on the AlienVault blog.