New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016

From Recorded Future:

Key Takeaways

  • Adobe Flash Player provided six of the top 10 vulnerabilities used by exploit kits in 2016. Since our 2015 ranking, Flash Player’s popularity with cyber criminals remains after increased Adobe security issue mitigation efforts.
  • Vulnerabilities in Microsoft’s Internet Explorer, Windows, and Silverlight rounded out the top 10 vulnerabilities used by exploit kits. None of the vulnerabilities identified in last year’s report carried over to this year’s top 10.
  • A 2016 Internet Explorer vulnerability (CVE-2016-0189) saw the most linkage to exploit kits, notably Sundown EK which quickly adopted an exploit in July 2016.
  • Sundown, RIG, and Neutrino exploit kits filled the void created by Angler Exploit Kit’s June 2016 demise. This crimeware can be used for anywhere from $200 a week (RIG) to $1,500 a week (Neutrino).
  • Adobe Flash Player’s CVE-2015-7645 has been incorporated into seven exploit kits, the highest penetration level of our analyzed vulnerabilities likely because it was the first zero-day discovered after significant Adobe security changes.
  • Identifying frequently exploited vulnerabilities can drive action by vulnerability assessment teams.

Read more of the findings on Recorded Future.

About the author: Dissent

Comments are closed.