Microsoft Products Are Hackers’ Favorite — Report
Source: www.infosecurity-magazine.com
Source Date: Thursday, March 29, 2018
Focus: Knowledge Management in Government, Citizen Engagement
Country: United States
Created: Apr 02, 2018

The majority of vulnerabilities used by cyber-criminals last year in phishing attacks and exploit kits were found in Microsoft products, with some dating back several years, according to Recorded Future.

The security vendor followed up a similar 2016 report by analyzing thousands of sources — including code repositories, deep web forum postings, and dark web onion sites — to spot “co-occurrences” with known software flaws.

Unlike the 2016 and 2015 reports, where Adobe Flash dominated the rankings, Microsoft led the way with seven out of the top 10 vulnerabilities.

The most commonly observed vulnerability was CVE-2017-0199, found in several Microsoft Office products and allowing attackers to download and execute a Visual Basic script containing PowerShell commands from a malicious document.

It was spotted in multiple phishing attacks and linked to 11 separate pieces of malware, while exploit builders for the flaw were seen on the dark web last year being sold for between $400 and $800, according to the report.

The second most frequently cited vulnerability, CVE-2016-0189, appeared on the 2016 rankings. It’s an Internet Explorer vulnerability which served as a popular avenue for exploit kits in 2017, Recorded Future claimed.

Alongside these two were five more Microsoft vulnerabilities dating from 2017, 2016 and even 2014. The three Adobe Flash bugs on the list were first published in 2015 and 2016.

The continued popularity of these flaws should be a timely reminder of the need to patch known vulnerabilities. Just this week, for example, Boeing was caught out after some machines in its South Carolina facility were infected with WannaCry.

Overall, however, Recorded Future claimed to have seen a decline in exploit kit activity — a 62% drop in new variants.

“The observed drop in exploit kit activity overlaps with the rapid decline of Flash Player usage,” explained report author, Scott Donnelly. “Users have shifted to more secure browsers, and attackers have shifted as well. Spikes in cryptocurrency mining malware and more targeted victim attacks have filled the void.”

The firm urged users to switch to Google Chrome as their primary browser; improve user training; back up frequently to mitigate the risk of ransomware; use ad-blockers to prevent malvertising; and remove affected software if it doesn’t impact key business processes.

It also warned firms to be aware that social sites like Facebook may use Flash, exposing users to cyber-risk.

(By Phil Muncaster)
Copyright 2018 by UNPAN - United Nations Public Administration Network