Exploit leaks are a cyber security game changer, says Kaspersky Lab

Leaked exploits became the game changer of the cyber threat landscape in the second quarter of 2017, say security researchers

In just 3 months, cyber security firm Kaspersky Lab says it blocked more than five million attacks designed to exploit unpatched software vulnerabilities.

This indicates the unrelenting scale of this cyber threat and shows that a lack of vigilance is one of the biggest cyber dangers, according to the researchers behind the security firm’s second quarter malware report.

An exploit is a type of malware that uses vulnerabilities in software to infect devices with additional malicious code such as banking Trojans, ransomware or cyber espionage malware.

The most notable attacks of this type in the second quarter were the WannaCry and Petya/NotPetya/ExPetr attacks, which both used the EternalBlue exploit believed to have been developed by the US National Security Agency (NSA) and then leaked online by the hacking group Shadow Brokers.

Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver their dangerous code without the user suspecting anything.

Such tools are therefore widely used, both by cyber criminals seeking to steal money from private users and companies, and in sophisticated targeted attacks hunting for sensitive information.

According to Kaspersky Lab researchers, the second quarter of 2017 experienced a massive wave of these in-the-wild vulnerabilities due to a number of exploits being leaked on the web.

This resulted in a significant change in the cyber threat landscape, mainly due to the Shadow Brokers’ publication of the so-called “Lost in Translation” archive, which contained a large number of exploits for different versions of Microsoft Windows, including EternalBlue.

Despite the fact that most of these vulnerabilities were not zero-day vulnerabilities and were patched by a Microsoft security update a month before the leak, the publication led to disastrous consequences.

In addition to the devastating WannaCry and Petya attacks, there were 1.5 million attacks in the quarter that exploited the CVE-2017-0199 vulnerability in Microsoft Office, despite the fact that it was patched shortly after it was discovered in early April.

“While suppliers patch vulnerabilities on a regular basis, many users don’t pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cyber criminal community,” said Alexander Liskin, security expert at Kaspersky Lab.

The malware report also revealed that attempted infections by malware that aims to steal money via online access to bank accounts were discovered on 224,675 user computers, a decrease of almost 22% compared with the first quarter.

Crypto-ransomware attacks were up, however, with 246,675 attacks blocked, representing an increase of just over 2% compared with the first quarter.

On average, 17.26% of internet-connected computers in the world faced a web attack using malware-class malicious objects at least once, the report said.

To reduce the risk of infection, consumers and businesses are advised to keep software up to date and enable the auto-update feature if available; choose software suppliers that demonstrate a responsible approach to a vulnerability problem; use robust security systems that are kept up to date; and run regular system scans to check for possible infections.
