The Top Ten Software Flaws Used By Cyber Criminals
Source: ZDNet / Danny Palmer
February 04: Over half of the most common security vulnerabilities exploited by criminals to conduct cyber attacks and distribute malware are more than a year old, and some are over five years old, demonstrating how failure to apply security updates is leaving organisations vulnerable to hacking and malicious compromise.
Researchers at Recorded Future analysed the top vulnerabilities, exploit kits and malware attacks deployed by cyber criminals during the course of 2019. There are patches from vendors to fix all of these bugs, but software patching is often forgotten or ignored by companies and individuals.
Recorded Future found that six of the most commonly exploited vulnerabilities for the year were repeats from 2018. All of these repeats are to do with vulnerabilities in Microsoft products, and in total eight of the top ten vulnerabilities are related to Microsoft software such as Internet Explorer and Microsoft Office.
However, the two other most common vulnerabilities in the top ten list both target Adobe Flash Player and one of these Flash flaws – CVE-2018-15982 – was the most commonly exploited during 2019.
This Flash zero-day has helped power GandCrab ransomware as well as various forms of malware powered with the Fallout exploit kit which provides criminals with a selection box of exploits. Such is the danger of the vulnerability that it was assigned a Common Vulnerability Scoring System (CVSS) score of 10 when it emerged – and was patched – in December 2018.
Behind this, the next three most common vulnerabilities exploited by cyber attackers are all repeats from the previous year with last year’s number one – CVE-2018-8174 – sliding to number two.
The vulnerability in Internet Explorer – known as Double Kill – is deployed in a wide variety of cyber attacks and is associated with hacking campaigns which deliver Trickbot trojan malware, as well as number of common exploit kits. The vulnerability was patched in May 2018, but the way in which is still exploited demonstrates that there are large numbers of users who haven’t applied it.
The same goes for CVE-2017-11882, a vulnerability in Microsoft Office which was disclosed in December 2016 and still ranks as the third most commonly exploited vulnerability in the list. It’s become associated with a large number of Trojans and keyloggers, as well as Emotet, one of the most prolific botnets in the world today.
Alarmingly, CVE-2012-0158 remains one of the most common vulnerabilities targeted by hackers, despite being almost eight years old. The critical bug in Microsoft Office can be exploited to conduct remote code execution attacks and despite slightly dropping in popularity, remains in the top ten.
CVE-2015-2419 – a vulnerability which allows attackers to execute arbitrary code via Internet Explorer also features in the top ten, despite being known about since 2015.
EternalBlue was one of the most potent vulnerabilities in recent years, helping to power the WannaCry ransomware attack and it’s still commonly used today. However, Recorded Future researchers haven’t included EternalBlue – or EternalRomance – in the report because they were first adopted by nation-state backed hacking operations, rather than emerging through the cyber criminal underground.
All of the vulnerabilities in the list have received patches – but there are still enough users and enterprises which aren’t applying the updates and therefore leaving the door open for cyber attackers.
“The problem is that there are tens of thousands of people looking to exploit Microsoft products, simply because it’s such a large target,” Kathleen Kuczma, sales engineer at Recorded Future told ZDNet.
The most effective thing which can be done to protect networks from falling victims to attacks which use these vulnerabilities is to ensure all products – particularly Microsoft ones – are up to date and that if a new security patch is released, to apply it as soon as possible.
And because the most commonly exploited vulnerability targets Adobe Flash, the advice from Recorded Future is simple: automatically disable it, especially as Adobe will be ending support on December 31 2020.
The top ten most commonly exploited vulnerabilities – and the technology they target – according to the Recorded Future Annual Vulnerability report are:
- CVE-2018-15982 – Adobe Flash Player
- CVE-2018-8174 – Microsoft Internet Explorer
- CVE-2017-11882 – Microsoft Office
- CVE-2018-4878 – Adobe Flash Player
- CVE-2019-0752 – Microsoft Internet Explorer
- CVE-2017-0199 – Microsoft Office
- CVE-2015-2419 – Microsoft Internet Explorer
- CVE-2018-20250 – Microsoft WinRAR
- CVE-2017-8750 – Microsoft Internet Explorer
- CVE-2012-0158 – Microsoft Office
Source: ZDNet / Danny Palmer