Woburn, MA – April 20, 2017 – Today Kaspersky Lab announced the key findings of its “Attacks with Exploits: From Everyday Threats to Targeted Campaigns” report, which found 702 million attempts to launch an exploit in 2016. This is an increase of 24.54 percent from 2015, when Kaspersky Lab protection technologies blocked just over 563 million attempts. The report evaluates the threat level that exploits pose to consumers and organizations.
An exploit is malware that uses bugs in software to infect devices with additional malicious code like banking Trojans or ransomware. Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver dangerous code without user suspicion. Exploits are often used both by cybercriminals seeking to steal money from private users and companies, and by sophisticated targeted attack actors hunting for sensitive information.
In 2016, more companies and organizations encountered such attacks: the number of corporate users attacked by exploits increased 28.35% to reach more than 690,000, or 15.76% of all users attacked with exploits.
Additional significant findings of the report include:
- In 2016, more than 297,000 users worldwide were attacked by unknown exploits (zero-day and heavily obfuscated known exploits), an increase of just under 7 percent on 2015.
- Exploits for the infamous “Stuxnet vulnerability” (CVE-2010-2568) still top the list in terms of the number of attacked users. One in four users who encountered an exploit during 2016 faced this particular threat.
- Overall, targeted attackers and campaigns reported on by Kaspersky Lab from 2010 to 2016 made use of more than 80 vulnerabilities. Around two-thirds of these vulnerabilities were used and re-used by more than one threat actor.
- Browsers, Windows OS, Android OS and Microsoft Office are the applications exploited most often – 69.8 percent of users encountered an exploit for one of these apps at least once in 2016.
The report shows that the number of corporate users attacked by exploits increased 28.35 percent to reach more than 690,000. However, despite the growing number of attacks featuring exploits, and the growing number of corporate users attacked in this way, the number of private users who encountered an exploit attack in 2016 decreased just over 20 percent - from 5.4 million in 2015 to 4.3 million in 2016.
According to Kaspersky Lab researchers, a possible reason for this decline could be a reduction in the number of sources for exploits: 2016 saw several big and popular exploit kits (the Neutrino and Angler exploit kits) leave the underground market. This significantly affected the overall exploit threat landscape as many cybercriminal groups apparently lost their capabilities to spread the malware. Another reason is the faster reaction time of software vendors to newly discovered security issues. As a result, it is now far more expensive for cybercriminals to develop and support a really effective exploit kit and simultaneously stay in profit. However, this is not the case when it comes to attacks against organizations.
“Based on both our detection statistics and our observations of the activity of targeted attack actors, we see that professional cyber espionage groups still have the budgets and skills to develop and distribute sophisticated exploits,” said Alexander Liskin, security expert at Kaspersky Lab. “The recent leak of malicious tools allegedly used by the Equation Group is an illustration of this. However, this doesn’t mean that it is impossible to protect your organization against exploit-based attacks. In order not to let malicious actors succeed, we advise users, especially corporate ones, to implement best practices of internet security and protect their computers, mobile devices and networks with proven and effective protection tools.”
In order to protect against attacks via software exploits, Kaspersky Lab experts advise the following:
- Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
- Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
- If you are managing a network of PCs, use patch management solutions that allow for the centralized updating of software on all endpoints under your control.
- Conduct regular security assessments of the organization’s IT infrastructure.
- Educate your personnel on social engineering as this method is often used to make a victim open a document or a link infected with an exploit.
- Use security solutions equipped with specific exploit prevention mechanisms or at least behavior-based detection technologies.
- Give preference to vendors which implement a multilayered approach to protection against cyberthreats, including exploits.
Learn more about changes in the exploit threat landscape at Securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit: Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Follow @Threatpost on Twitter