Recorded Future published an interesting report on the most common vulnerabilities used by threat actors in the exploit kits.
The experts observed that Adobe Flash Player and Microsoft products (Internet Explorer, Silverlight, Windows) continue to be privileged targets of threat actors. Hacking campaigns conducted by nation-state actors have dominated the threat landscape in 2016, while crooks used exploit kits to deliver several families of malware, including ransomware and banking trojans.
The experts noticed that hackers have used new exploit kits targeting new vulnerabilities.
The researchers highlighted that the Adobe Flash Player comprised six of the top 10 vulnerabilities triggered by the exploit kits in a period from November 16, 2015 to November 15, 2016.
RecordedFuture analyzed 141 exploit kits, experts noticed that the Internet Explorer flaw tracked as CVE-2016-0189 was the most referenced on security blogs, deep web forum postings and dark web sites.
Experts from startup Theori have made a reverse engineering of the MS16-053 that fixed the CVE-2016-0189 flaw and published a PoC exploit for the vulnerability.
The PoC code works on Internet Explorer 11 running on Windows 10, a great gift for fraudsters that included it in the Neutrino EK and Magnitude, and many other exploit kits such as Angler, RIG, Nuclear, Spartan and Hunter.
According to Recorded Future after the Angler and Nuclear EKs disappeared from the threat landscape RIG became the most used EK, while the popularity of the Sundown EK rapidly increased.
Let me close with the Key Takeaways published by Recorded Future.
(Security Affairs – hacking, Top 10 vulnerabilities)