8 out of 10 top vulnerabilities target Microsoft products
Prioritizing vulnerabilities can be difficult if you don't know which ones are being actively exploited. The latest annual research from Recorded Future looks at the top vulnerabilities and which products they are targeting.
In 2018, the company observed more exploits targeting Microsoft products compared to Adobe ones. Eight out of 10 vulnerabilities exploited via phishing attacks, exploit kits, or RATs were targeting Microsoft products.
While Adobe has been a popular target in the past, only one Adobe Flash vulnerability made the top 10. This is likely due to a combination of better patching and Flash Player's impending demise in 2020.
The development of new exploit kits has continued to drop amidst the shift to more targeted attacks and the reduced availability of zero-day vulnerabilities. The research saw only five new exploit kits appear compared to 10 the year before.
The top exploited vulnerability on the list, Microsoft Internet Explorer vulnerability CVE-2018-8174, nicknamed 'Double Kill,' was included in four exploit kits (RIG, Fallout, KaiXin, and Magnitude). Exploit kits associated with this vulnerability were used to spread the malware Trickbot through phishing attacks. The Magnitude Exploit Kit delivered Magniber ransomware, which primarily targeted users in Asia where computers' default languages were in Korean, Chinese, or Malay.
"The majority of vulnerabilities that are being exploited are older vulnerabilities," says Allan Liska, senior solutions architect at Recorded Future. "Of the top 10 only three were released in 2018, some of them have been out for a long time and the bad guys use them because they still work and they work effectively. There's no need to invest resources and effort into building up new exploits when the old ones work just great."
For the first time the report has been expanded to include Remote Access Trojans (RATs) as an extra category. QuasarRAT was associated with the most vulnerabilities, most notably those included in Trillium’s Security Multisploit Tool. This RAT, which has been active since 2011, continues to show its viability in a variety of attacks, including spear phishing attacks on government organizations.
You can find more information about the findings on the Recorded Future blog.