Cybercriminals mainly abuse old vulnerabilities in Windows - Java 6 times in top 10

Cybercriminals mainly abuse old vulnerabilities in Windows to attack users, according to research from HP. One exploit developed for a leak, patched by Microsoft in 2010, was responsible for 33% of all exploits observed by HP. The affected exploit is the notorious LNK leak that was abused by the Stuxnet and Fanny worms.

myce-hp-top-10-exploit-samples-2

ADVERTISEMENT

In the top 10 of most detected exploits 6 places are taken by Java attacks, however all of them are vulnerabilities from 2012 and 2013. In 2014 no zero-day attacks on Java were discovered which according to HP is due to the "click-to-play" security measure Java developer Oracle introduced. When looking at vulnerabilities discovered in 2014 both Internet Explorer and Adobe Flash Player were the primary targets.

myce-hp-top-10-exploit-samples-1

Striking is that a leak in Mozilla Firefox returned in the overview. However it seems HP made a mistake, because the affected vulnerability "CVE-2014-0496" is actually a vulnerability in Adobe Reader. The numbers of attacks abusing vulnerabilities discovered in 2014 were so little that none of them made it in the top 10 of most attacked vulnerabilities.

ADVERTISEMENT

"The discovered exploit samples indicate that there is still a significant percentage of Windows users who do not regularly update their systems with security patches. This issue may have
been exacerbated by Microsoft ending support for Windows XP security updates last year", according to the researchers.

No posts to display