Top 10 Security Vulnerabilities of 2016
What software currently running on your computer is the MOST vulnerable to attacks by cybercrime exploit kits? Software made by Adobe Systems and Microsoft provided the most zero-day vulnerability targets during the past year, according to Recorded Future, a real-time cyber-threat detection and mitigation firm. Read on to learn which of those programs you should avoid...
Not Quite the Dirty Dozen, But...
Adobe and Microsoft dominated the top ten spots on Recorded Future's list of the most commonly exploited software. Adobe Flash vulnerabilities filled six of the top ten slots, making Flash the most useful and popular tool of hackers who create exploit kits and rent them to anyone who can pay. Microsoft's Windows, Internet Explorer and Silverlight grabbed the remaining four spots.
Exploit kits are software packages that analyze a target computer and launch against it only the attacks known to be effective against the target’s particular configuration. An exploit kit is hosted on its developer’s server and rented out by the day, week, month, etc. Renters embed code in their rogue Web sites, phishing emails, and other attack vectors; that code triggers analysis and attack(s) by the exploit kit. When the rental period is up, the kit no longer responds to the renter’s calls. Exploit kits may rent for as little as $200/week or as much as $1500/week.
Exploit kits account for a very large number of attacks against Internet-connected devices because the kits can be used by almost anyone. Renters of exploit kits don’t need any technical expertise, just money and criminal tendencies.
The fruits of an exploit kit may be profitable data, such as passwords to email or financial accounts, or an opening through which malware can be introduced to a compromised machine, either to make it a slave in a botnet or to install ransomware that encrypts the hard drive and extorts payment.
Internet Explorer narrowly edged out Flash to claim the top spot on the list with over 700 exploit kits targeting a single IE vulnerability. Another IE vulnerability was in ninth place. One Windows vulnerability made the list, and one vulnerability in Microsoft Silverlight took fifth place.
No Big Surprises Here
The list is not too surprising. Adobe and Microsoft products are found on the overwhelming majority of computers in use today, particularly in the business environments that are most lucrative to hackers. It makes sense that developers of exploit kits would focus most of their R&D efforts on the products of these two companies.
Many exploit kits are available to would-be renters. Recorded Future analyzed 141 exploit kits to produce its study. Sadly, it turns out that creating and renting an exploit kit is a pretty easy way to make money. Exploit kits follow the legitimate world’s trend of Software-as-a-Service (SaaS); indeed, exploit kits are often referred to as “crimeware as a service” or CaaS.
The takeaways for consumers are pretty obvious:
- Don’t use Internet Explorer. Google Chrome and Firefox are excellent alternative web browsers, even on Windows 10, which introduced the Edge browser to replace IE.
- Make sure Flash auto-play is disabled in whatever browser you use. (See my article Should You Trash Adobe Flash? for more on how and why to do that.)
- If you have Silverlight on your computer, uninstall it via Control Panel unless there's some compelling reason to keep it. I’ve never run across a reason to install Silverlight since it was introduced in 2007.
I'll add a few tips to supplement that advice. Many computer problems can be avoided or cured simply by keeping all of your software up to date. See my article Keeping Software Updated Simply for some free programs that will do the job for you. Another problem that's important to know about is foistware -- unwanted and sometimes malicious software that tags along when you download a program that you do want. Fortunately, there's a tool called Ninite that eliminates the problem. See Finally: The End of Next, Next, Next... for the scoop on that handy utility.
This article was posted by Bob Rankin on 14 Dec 2016
Article information: AskBobRankin -- Top 10 Security Vulnerabilities of 2016 (Posted: 14 Dec 2016)
Source: https://askbobrankin.com/top_10_security_vulnerabilities_of_2016.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Top 10 Security Vulnerabilities of 2016"
Posted by:
Mark Bessette
14 Dec 2016
Thank you for all of your research! I read in detail almost every post of yours. I thought Firefox had its own set of issues? I have to my customers to stay away from it. Let me know your thoughts.
Posted by:
Michael Daniels
14 Dec 2016
Thanks for this informative article. Easy to see why the focus would be on the IE code. I used Silverlight as a requirement to stream video from a Monday Night Football source awhile back.
Posted by:
Jay R
14 Dec 2016
I just uninstalled Silverlight. I recall that it came up several times in the past when I was looking at a picture of some sort. I hope that I don't need it. As blindly as I follow Bob, I wonder if someday he is going to create the biggest bot network known to man or AI. Thank you, Bob. May you have a Merry Christmas.
Posted by:
Sarah L
14 Dec 2016
Firefox is what I use all the time. Never had a problem with it. I understood the rising popularity of Chrome to rest on its connections to other popular Google products, along with its ease of use. It would be good to know if others have the same experience.
Posted by:
Jeri
14 Dec 2016
Isn't Silverlight necessary to watch Netflix on your computer?
EDITOR'S NOTE: From https://help.netflix.com/en/node/23742 -- You can use our HTML5 player or Silverlight to watch Netflix
Posted by:
Warren
14 Dec 2016
Does this affect Apple Mac computers or only Windows units?
Posted by:
Sally
14 Dec 2016
What about Adobe Air, Acrobat Reader, and Digital Editions?
Posted by:
Jim
15 Dec 2016
I followed your suggestion and shut down Flash and now none of the videos on FB will play. So I guess you have to weigh your options as to whether you want to trust the virus protection or do without the video. As for me I'm re-activating Flash. Can't do without my grandkids vids.
Posted by:
Jaxon
15 Dec 2016
I think Yahoo email accounts have to be right up there in terms of security vulnerabilities.
Posted by:
Lisa
25 Dec 2016
I understand Flash is being ousted by HTML5, however, there are still places on the net still using Flash. I am finding also that Flash is trying to use other names for its player. Same program, just a different name. Flash does not play properly anymore on my computers, it is very jumpy and does not buffer correctly. Flash should just go away already or get fixed.