The number of attacks using flaws in software increased by a quarter, to over 702 million attempts last year, according to a new report by Kaspersky Lab.
In 2016, there were 702,026,084 attempts to launch an exploit, up by 24.54 percent on 2015, according to the report which also showed that 347,966 users were attacked with exploits in 2016, 20.85 percent fewer than in the previous year.
It was also found that the number of corporate users encountering an exploit at least once increased 28.35 percent to reach 690,557, or 15.76 per cent of the total number of users attacked with exploits.
Among the applications exploited most often were browsers, the Windows and Android operating systems and Microsoft Office, with 69.8 percent of users encountering an exploit for one of these applications at least once in 2016. More than 297,000 users worldwide were attacked by unknown exploits.
The report said that despite the growing number of attacks featuring exploits, and the growing number of corporate users attacked in this way, the number of private users who encountered an exploit attack in 2016 decreased to just over 20 percent – from 5.4 million in 2015 to 4.3 million in 2016.
Researchers said that a possible reason for this decline could be a reduction in the number of sources for exploits: 2016 saw several big and popular exploit kits (the Neutrino and Angler exploit kits) leave the underground market. This significantly affected the overall exploit threat landscape as many cyber-criminal groups apparently lost their capabilities to spread the malware, said researchers.
Alexander Liskin, security expert at Kaspersky Lab, said that professional cyber-espionage groups still have the budgets and skills to develop and distribute sophisticated exploits.
“The recent leak of malicious tools allegedly used by the Equation Group is an illustration of this. However, this doesn't mean that it is impossible to protect your organisation against exploit-based attacks,” he said.
Dr Anton Grashion, managing director of security practice at Cylance, told SC Media UK that the number of digital devices we own personally and corporately has simply exploded, and many organisations are locked into relationships with legacy security software that is inadequate to block the newest attack types.
“Making matters even more dangerous is the fact that so much malware is available ‘off the rack' on the dark web at very low cost, and mercenary malware coders available for hire around the globe. It's become a simple matter to create and launch attacks,” he said.
FireMon chief technology officer, Paul Calatayud, told SC that attacks using exploits are increasing for two main reasons.
“First, performing an exploit takes time, energy and resources. With the growing popularity of hacking services, it's far easier to launch an exploit on top of third-party services to conduct a hacking campaign,” he said.
“This results in a faster time to deploy, with more frequent attacks. The second reason is in regards to technology. Cyber-defenders are improving their ability to detect and respond to cyber-attacks, including exploits.”