Flash Player Remains Main Target of Exploit Kits: Report

The most common vulnerabilities used by exploit kits in the past year affect Flash Player, Windows, Internet Explorer and Silverlight, according to a report published on Tuesday by threat intelligence firm Recorded Future.

In its 2015 report, Recorded Future said Flash Player weaknesses represented eight of the top ten flaws leveraged by exploit kits. This year, Flash accounted for six of the top ten vulnerabilities.

The security firm’s analysis of 141 exploit kits showed that an Internet Explorer flaw tracked as CVE-2016-0189 was the most referenced on security blogs, deep web forum postings and dark web sites. The vulnerability was exploited in targeted attacks before Microsoft released a patch, but shortly after the fix became available, it was integrated into several major exploit kits, including Sundown, Neutrino, RIG and Magnitude.

The flaw that was adopted by the highest number of exploit kits is Flash Player’s CVE-2015-7645. The exploit has been integrated into Neutrino, Angler, Magnitude, RIG, Nuclear, Spartan and Hunter.

Researchers believe this exploit is popular because it affects all major operating systems, and it was the first weakness discovered after Adobe introduced a series of new mitigations.

The list of vulnerabilities adopted by multiple EKs also includes the Flash bugs tracked as CVE-2016-1019, CVE-2016-4117 and CVE-2015-8651, and a Silverlight flaw discovered by Kaspersky in November 2015. All of these security holes had been exploited in the wild when they were discovered.

While some of the most commonly used vulnerabilities identified in the latest report were issued CVE identifiers in 2014 and 2015, Recorded Future noted that none of the issues mentioned in last year’s report carried over to the 2016 top 10.

After the Angler and Nuclear exploit kits disappeared from the scene, they were replaced by Neutrino and RIG. In October, researchers noticed that Neutrino, too, had either been shut down or was no longer being offered publicly by its authors, allowing RIG to take the lead.

Recorded Future pointed out that while RIG is the leader, Sundown is also increasingly popular. First spotted in April 2015, Sundown has stolen exploits from several other EKs, but it was the first to integrate an exploit for the Internet Explorer vulnerability tracked as CVE-2015-2444. While some exploit kits deliver all sorts of malware, Sundown has focused on banking Trojans.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
