Select Page

This device is unable to play the requested video. Security vulnerabilities in Microsoft software have become an even more popular means of attack by cyber criminals – but an Adobe Flash vulnerability still ranks as the second most used exploit by hacking groups. Analysis by researchers at Recorded Future of exploit kits, phishing attacks and trojan malware campaigns deployed during 2018 found that flaws in Microsoft products were the most consistently targeted during the course of the year, accounting for eight of the top ten vulnerabilities. That figure is up from seven during the previous year. Patches are available for all the flaws on the list – but not all users get around to applying them, leaving themselves vulnerable. Microsoft is the most common target, likely thanks to how widespread use of its software is. The top exploited vulnerability on the list is CVE-2018-8174. Nicknamed Double Kill , it’s a remote code execution flaw residing in Windows VBSsript which can be exploited through Internet Explorer. Double Kill was included in four of the most potent exploit kits available to cyber criminals – RIG, Fallout, KaiXin and Magnitude – and they helped deliver some of the most notorious forms of banking trojan and ransomware to unsuspecting victims. But the second most commonly observed vulnerability during the course of the year was one of only two which didn’t target Microsoft software: CVE-2018-4878 is an Adobe Flash zero-day first identified in February last year. An emergency patch was released within hours , but large numbers of users didn’t apply it, leaving them open to attacks. CVE-2018-4878 has since been included in multiple exploit kits, most notably the Fallout Exploit Kit which is used to power GandCrab ransomware – the ransomware remains prolific to this day . Adobe exploits used to be the most commonly deployed vulnerabilities by cyber criminals, but they appear to be going off it as we get closer to 2020 . SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) Third in the most commonly exploited vulnerability list is CVE-2017-11882. Disclosed in December 2016 , it’s a security vulnerability in Microsoft Office which enables arbitrary code to run when a maliciously-modified file is opened – putting users at risk malware being dropped onto their computer. The vulnerability has come to be associated with a number of malicious campaigns including the QuasarRAT trojan , the prolific Andromeda botnet and more. Only a handful of vulnerabilities remain in the top ten on a year on year basis. CVE-2017-0199 – a Microsoft Office vulnerability which can be exploited to take control of an affected system – was the most commonly deployed exploit by cyber criminals in 2017, but slipped to the fifth most in 2018. CVE-2016-0189 was the ranked vulnerability of 2016 and second ranked of 2017 and still features among the most commonly exploited exploits. The Internet Explorer zero-day is still going strong almost three years after it first emerged, suggesting there’s a […]