Era exploits: the number of attacks using vulnerabilities in software is growing

Attacks using exploits belong to the most effective, because they generally do not require user interaction, and malicious code can be delivered to your device without raising suspicion. For this reason, these tools are often used by cyber criminals motivated by the desire to steal money belonging to individuals and companies, as well as by the sophisticated grouping applying targeted attacks that prey on sensitive information.

In around 2016 year Kaspersky Lab noted the enormous advantage of attacks on individual users in relation to corporate with exploits.

In 2016, Kaspersky Lab has 702 million attempts to run exploits-malicious tools that take advantage of errors in the software to infect devices dangerous programs, such as Trojans, banking or ransomware. This is about 24.54% more than in 2015, when protection technologies, Kaspersky Lab blocked a bit more than 563 million such attempts. The increasing use of exploits is one of the key findings of the report in order to assess the level of risk posed by exploits for consumers and businesses.

In 2016, the number of organizations that have experienced these attacks, increased by 28.35% and amounted to more than 690 000 – 15.76% of all users affected using exploits.

Key findings from the report

Mostly used by exploits were browser, Windows, Android and Microsoft Office — in 2016, 69.8% of users at least once clashed with the exploit for one of these applications.

In 2016, more than 297 000 users worldwide was attacked by an unknown exploits (exploits of zero and a highly obfuscated known malicious tools) — an increase of almost 7% to 2015, the market price of the previously unknown exploits can reach tens of thousands of dollars and they are usually used by sophisticated cyber criminals against large targets. Such attacks are blocked by the "Automatic prevention of exploitom", created by Kaspersky Lab for detecting this kind of sophisticated threats.

Interestingly, despite the growing number of attacks with the use of exploits and the growing number of attacked in this way, corporate users, the number of consumers who experienced the attack through an exploit in 2016, has fallen by more than 20% — 5.4 million in 2015, to 4.3 million in 2016.

According to researchers from Kaspersky Lab, the cause of this decline may be a reduction in the number of sources of exploits: in 2016, the underground market disappeared a few large and popular assemblies exploits (Neutrino and Angler). This had a significant impact on the overall threat landscape from this category, because many cyberprzestępczych groups apparently has lost opportunities to spread malware. Another reason is the faster response time of software companies on the newly-discovered security problems. As a result, create and support really effective set of exploits while profit has now become much more expensive for cyber criminals. However, this does not apply to attacks on organizations.

Based on the statistics on the detection and observation of activity groups using targeted attacks, we can say that professional group cyberszpiegowskie still have adequate budgets and skills to to create and spread sophisticated exploits. An example of this is the recent leak of harmful tools used allegedly by grouping Equation. This does not mean, however, that the company's protection against these timing attacks exploits is not possible. To cyberprzestępcze groups could not triumph, we recommend that users, especially corporate to apply best practices for Internet security and protect their computers, mobile devices, and network with the help of verified and effective tools of protection – said Alexander Liskin, expert. cybersecurity, Kaspersky Lab.

In order to secure computers, both domestic and business against attacks through exploits Kaspersky Lab's experts recommend the implementation of the following activities:

  • Make sure that the software installed on your computer was up to date, and turn on the auto-update feature, if it is available.
  • Always, when there is such a possibility, choose software provider, which shows a responsible approach to the problem of security vulnerabilities. Verify that the provider has its own bug bounty program to support independent investigators looking for a vulnerability to attacks.
  • If you manage a network of PCs, use patch management solutions that enable centralized software update on all controlled by You at the endpoints.
  • Carry out a regular assessment of the safety of the IT infrastructure of the organization.
  • Please refer to your staff with the methods of social engineering tactics, because they are often used to persuade the potential victim to open a document or link an infected exploit.
  • Use security solutions equipped with special mechanisms to prevent exploitom or at least the threat detection technology based on their behavior in the system.
  • Prefer suppliers who use a tiered approach to protect against cyber threats, including the exploit.


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.