The most common vulnerabilities used by exploit kits in the past year affect Flash Player, Windows, Internet Explorer and Silverlight, according to a report published on Tuesday by threat intelligence firm Recorded Future.
In its 2015 report, Recorded Future said Flash Player weaknesses represented eight of the top ten flaws leveraged by exploit kits. This year, Flash accounted for six of the top ten vulnerabilities.
The security firm’s analysis of 141 exploit kits showed that an Internet Explorer flaw tracked as CVE-2016-0189 was the most referenced on security blogs, deep web forum postings and dark web sites. The vulnerability was exploited in targeted attacks before Microsoft released a patch, but shortly after the fix became available, it was integrated into several major exploit kits, including Sundown, Neutrino, RIG and Magnitude.
The flaw that was adopted by the highest number of exploit kits is Flash Player’s CVE-2015-7645. The exploit has been integrated into Neutrino, Angler, Magnitude, RIG, Nuclear, Spartan and Hunter.
Researchers believe this exploit is popular because it affects all major operating systems, and it was the first weakness discovered after Adobe introduced a series of new mitigations.
The list of vulnerabilities adopted by multiple EKs also includes the Flash bugs tracked as CVE-2016-1019, CVE-2016-4117 and CVE-2015-8651, and a Silverlight flaw discovered by Kaspersky in November 2015. All of these security holes had been exploited in the wild when they were discovered.
While some of the most commonly used vulnerabilities identified in the latest report have been issued CVE identifiers in 2014 and 2015, Recorded Future noted that none of the issues mentioned in last year’s report carried over to the 2016 top 10.
After the Angler and Nuclear exploit kits disappeared from the scene, they were replaced by Neutrino and RIG. In October, researchers noticed that Neutrino was also either shut down or its authors stopped offering it publicly, allowing RIG to take the lead.
Recorded Future pointed out that while RIG is the leader, Sundown is also increasingly popular. First spotted in April 2015, Sundown has stolen exploits from several other EKs, but it was the first to integrate an exploit for the Internet Explorer vulnerability tracked as CVE-2015-2444. While some exploit kits deliver all sorts of malware, Sundown has focused on banking Trojans.
Related: Exploit Kit Activity Down 96% Since April
Related: Exploit Kits Take Cyberattacks to the Masses. But They’re Preventable
Related: What Makes a Good Exploit Kit
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
