Exploit packages in-the-wild became the game changer of the cyber threat landscape in Q2 2017. In just 3 months, Kaspersky lab products have blocked more than five million attacks that involved exploits from archives leaked on the web. The growth peaked at the end of the quarter, indicating the unrelenting scale of this cyber threat. These are the main findings from Kaspersky Lab’s Q2 Malware Report.
An exploit is a type of malware that uses bugs in software to infect devices with additional malicious code like banking Trojans, ransomware or cyber espionage malware. Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver their dangerous code without the user suspecting anything. Such tools are therefore widely used, both by cybercriminals seeking to steal money from private users and companies, and in sophisticated targeted attacks hunting for sensitive information.
The second quarter of 2017 experienced a massive wave of these in-the-wild vulnerabilities due to a number of exploits being leaked on the web. This entailed a significant change in the cyber threat landscape. The major kick-off was the Shadow Brokers’ publication of the “Lost In Translation” archive, which contained a large number of exploits for different versions of Windows.
The average number of attacks per day is constantly growing: 82% of all attacks were detected in the last 30 days of the quarter.
The damage from malware that used exploits from the archive as well as the number of infected users is beyond counting – withExPetr and WannaCry pandemics being the most notable examples. Another example is the CVE-2017-0199 vulnerability in Microsoft Office, discovered in early April. Despite the fact that it was patched in the same month, the number of attacked users peaked at 1.5 million. Overall, 71% of attacks on these users exploited the CVE-2017-0199 vulnerability.
To reduce the risk of infection, users are advised to:
- Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
- Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
- Use robust security solutions and make sure they keep all software up to date.
- Regularly run a system scan to check for possible infections.
