April 2, 2019 at 22:47 #2541
The most common vulnerabilities used in cyber-attacks can be patched fairly quickly. Researchers from Recorded Future state this in their Annual Vulnerability Report for 2018.
The most essential thing is to understand the vulnerabilities that are actively being sold and exploited on underground forums and the dark web. Although the real situation in enterprises or for others would be to patch everything, we need a precise picture of which vulnerabilities affect a company’s most critical systems. Combined with which vulnerabilities are actively being exploited, it allows better prioritization of the most critical places to patch.
Even though patches are available for the entire top ten most abused vulnerabilities, users are not ready to apply them. This keeps them vulnerable.
Analyzes of exploit kits, phishing attacks and malware campaigns that were deployed in 2018 show that errors in Microsoft solutions are the most abused. According to Recorded Future, it concerns eight of the top ten vulnerabilities. A year earlier it was seven out of ten.
For example, ‘Double Kill’ (CVE-2018-8174) appears to be the most popular vulnerability. This is an error in Windows VBScript that can be exploited via Internet Explorer and allows remote code execution. ‘Double Kill’ is part of four powerful exploit kits – RIG, Fallout, KaiXin, and Magnitude – that were used for the distribution of Trickbot malware via phishing and the Magniber ransomware.
Adobe vulnerabilities have been the most commonly used for exploits in the past, although this has diminished dramatically in recent years with the importance of Flash. Adobe was only twice in the top ten in 2018.
The most commonly used Adobe vulnerability is a zero-day (CVE-2018-4878) that was discovered in February last year. An emergency patch was already available in a few hours after discovery, but many users have not yet applied it.
CVE-2018-4878 vulnerabilities has since been included in multiple exploit kits, in particular, the Fallout Exploit Kit, which is used to distribute the GandCrab ransomware.
The top ten most abused vulnerabilities according to the Recorded Future report are:
• CVE-2018-8174 – Microsoft – Internet Explorer
• CVE-2018-4878 – Adobe – Flash Player
• CVE-2017-11882 – Microsoft – Office
• CVE-2017-8750 – Microsoft – Office
• CVE-2017-0199 – Microsoft – Office
• CVE-2016-0189 – Microsoft – Internet Explorer
• CVE-2017-8570 – Microsoft Office
• CVE-2018-8373 – Microsoft – Internet Explorer
• CVE-2012-0158 – Microsoft Office
• CVE-2015-1805 – Google – AndroidAugust 31, 2019 at 17:24 #5384
You must be logged in to reply to this topic.