A new study from Atlas VPN shows that 51 percent of exploits sold on underground cybercriminal forums are for Microsoft products.
Microsoft Office exploits make up 23 percent, while Windows accounts for 12 percent of exploits sold on hacker forums. Remote Desktop Protocol (RDP) exploits make up 10 percent, with Internet Explorer and SharePoint taking three percent each.
“Once the flaw becomes public, companies patch it up and neutralize the risk,” cybersecurity writer and researcher at Atlas VPN, William Sword, says. “However, for vulnerabilities to become inefficient, it is essential to update your devices’ operating systems and software regularly. By adding an antivirus and a firewall to your devices and network, you would stop most vulnerabilities even if they were overlooked before.”
Vulnerabilities are increasing at an alarming rate too. The number of published software vulnerabilities in 2015 and 2016 was around 6,500. In 2017, published vulnerabilities more than doubled to 14,644. One of the most dangerous vulnerabilities that year was CVE-2017-0144, which affected the Windows operating system. Hackers used the vulnerability to deliver the WannaCry and Petya/NotPetya ransomware, resulting in one of the most damaging ransomware outbreaks to date.
Last year a record-breaking 18,395 exploits were reported, a 26 percent increase from 2017. March 2020 saw another concerning vulnerability published — CVE-2020-0796. This vulnerability can be abused in several ways, including hackers launching a network-based attack, sending malware, or gaining privileges on the target’s system.
You can read more on the Atlas VPN blog and there’s a graphic showing the spread of exploits on criminal forums below.