2017 Vulnerability Report: A Shift in Cybercriminal Preferences
March 27, 2018 • Scott Donnelly
Defenders continuously face the challenge of making remediation decisions around vulnerabilities without access to all of the facts. For example, it can be difficult to find the exploits that actually affect your business in the official vulnerability databases or even scanning tools. There’s simply too much information.
To provide a little more context, every year we analyze thousands of sources, including code repositories, deep web forum postings, and dark web onion sites to bring you the top 10 vulnerabilities used by cybercriminals.
Here’s a brief snapshot of what we found from 2017 activity.
Microsoft Is the New Favorite
In our 2016 vulnerability report, we found that Adobe Flash accounted for six of the top 10 vulnerabilities. This came as no surprise since Flash regularly tops yearly vulnerability reports.
This past year, however, something shifted. Our analysis identified a shift in preference from Adobe to Microsoft consumer product exploits. Seven of the top 10 vulnerabilities exploited by phishing attacks and exploit kits are utilizing Microsoft products. This is in stark contrast to our previous rankings.
Analysis of these sources from January 1, 2017 to December 31, 2017 shows that Adobe is still somewhat popular among cybercriminals but quickly declining.
Some of this change is due to evolving criminal use of exploited vulnerabilities. Overall, exploit kits are declining as criminal efforts have adapted — cryptocurrency mining malware popularity has risen in the past year, for example.
Covering All the Bases
It’s a lot of information, so every week for the next four weeks, we’ll release a blog post focusing on a specific part of the report. Stay tuned for an in-depth look at why Flash is no longer the preferred exploit of cybercriminals, which specific Microsoft vulnerabilities to watch out for, what CVSS scores really mean, and more.
You can also download “The Top 10 Vulnerabilities Used by Cybercriminals in 2017” report to look further into why the criminal underground is shifting, what other vulnerabilities are being actively exploited, and what you can do to defend against them.