Top 10 Security Vulnerabilities of 2016
What software currently running on your computer is the MOST vulnerable to attacks by cybercrime exploit kits? Software made by Adobe Systems and Microsoft provided the most zero-day vulnerability targets during the past year, according to Recorded Future, a real-time cyber-threat detection and mitigation firm. Read on to learn which of those programs you should avoid...
Not Quite the Dirty Dozen, But...
Adobe and Microsoft dominated the top ten spots on Recorded Future's list of the most commonly exploited software. Adobe Flash vulnerabilities filled six of the top ten slots, making Flash the most useful and popular tool of hackers who create exploit kits and rent them to anyone who can pay. Microsoft's Windows, Internet Explorer and Silverlight grabbed the remaining four spots.
Exploit kits are software packages that analyze a target computer and launch against it only attacks known to be effective against the target’s particular configuration. An exploit kit is hosted on its developer’s server and rented out by the day, week, month, etc. Renters embed code into their rogue Web sites, phishing emails, and other attack vectors that triggers analysis and attack(s) by the exploit kit. When the rental period is up, the kit no longer responds to the renter’s calls. Exploit kits may rent for as little as $200/week or as much as $1500/week.
Exploit kits account for a very large number of attacks against Internet-connected devices because the kits can be used by almost anyone. Renters of exploit kits don’t need any technical expertise, just money and criminal tendencies.
The fruits of an exploit kit may be profitable data such as passwords to email or financial accounts, or openings into which malware can be introduced to a compromised machine to make it a slave in a botnet, or ransomware to encrypt a hard drive and extort payments.
Internet Explorer narrowly edged out Flash to claim the top spot on the list with over 700 exploit kits targeting a single IE vulnerability. Another IE vulnerability was in ninth place. One Windows vulnerability made the list, and one vulnerability in Microsoft Silverlight took fifth place.
No Big Surprises Here
The list is not too surprising. Adobe and Microsoft products are found on the overwhelming majority of computers in use today, particularly in the business environments that are most lucrative to hackers. It makes sense that developers of exploit kits would focus most of their R&D efforts on the products of these two companies.
Many exploit kits are available to would-be renters. Recorded Future studied 141 exploit kits to produce its study. Sadly, it turns out that creating and renting an exploit kit is a pretty easy way to make money. Exploit kits follow the legitimate world’s trend of Software-as-a-Service (SaaS); indeed, exploit kits are often referred to as “crimeware as a service” or CaaS.
The takeaways for consumers are pretty obvious:
- Don’t use Internet Explorer. Google Chrome and Firefox are excellent alternative web browsers, even on Windows 10, which introduced the Edge browser to replace IE.
- Make sure Flash auto-play is disabled in whatever browser you use. (See my article Should You Trash Adobe Flash? for more on how and why to do that.)
- If you have Silverlight on your computer, uninstall it via Control Panel unless there's some compelling reason to keep it. I’ve never run across a reason to install Silverlight since it was introduced in 2007.
I'll add a few tips to supplement that advice. Many computer problems can be avoided or cured simply by keeping all of your software up to date. See my article Keeping Software Updated Simply for some free programs that will do the job for you. Another problem that's important to know about is foistware -- unwanted and sometimes malicious software that tags along when you download a program that you do want. Fortunately, there's a tool called Ninite that eliminates the problem. See Finally: The End of Next, Next, Next... for the scoop on that handy utility.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 14 Dec 2016
|For Fun: Buy Bob a Snickers.|
A New Choice for Cord Cutters: DirecTV Now
The Top Twenty
Geekly Update - 15 December 2016
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Top 10 Security Vulnerabilities of 2016 (Posted: 14 Dec 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved