In 2016, there were 702 million attempts to launch an exploit, according to Kaspersky Lab. This is 24.54% more than in 2015, when Kaspersky protection technologies blocked just over 563 million such attempts.
The growing use of exploits, i.e. malware that uses bugs in software to infect devices with additional malicious code like banking trojans or ransomware, reflects the fact that attacks of this kind are among the most effective. In a report prepared by Kaspersky, the firm noted that attacks conducted with the help of exploits generally don’t require any user interaction, and can deliver their dangerous code without the user suspecting anything.
Such tools are therefore often used both by cyber-criminals seeking to steal money from private users and companies, and by sophisticated targeted attack actors hunting for sensitive information.
The report found that the number of corporate users attacked by exploits increased 28.35% to reach more than 690,000, or 15.76% of all users attacked with exploits. Browsers, Windows OS, Android OS and Microsoft Office are the applications exploited most often—and 69.8% of users encountered an exploit for one of these at least once in 2016.
Exploits for the infamous Stuxnet vulnerability (CVE-2010-2568) still top the list in terms of the number of attacked users. A quarter of users that encountered an exploit last year faced this particular threat.
In 2016, more than 297,000 users worldwide were attacked by zero-day and heavily obfuscated known exploits—which represents an increase of just under 7% on 2015. The market price for previously unknown exploits may reach tens of thousands of dollars, and they are usually used by sophisticated actors against high-profile targets.
Overall, targeted attackers and campaigns reported on by Kaspersky Lab in the years 2010 to 2016 made use of more than 80 vulnerabilities. Around two-thirds of these were used and re-used by more than one threat actor.
Interestingly, despite the growing number of attacks featuring exploits, and the growing number of corporate users attacked in this way, the number of private users who encountered an exploit attack in 2016 decreased just over 20%—from 5.4 million in 2015 to 4.3 million in 2016.
According to Kaspersky Lab researchers, a possible reason for this decline could be a reduction in the number of sources for exploits: 2016 saw several big and popular exploit kits (the Neutrino and Angler exploit kits) leave the underground market. This significantly affected the overall exploit threat landscape as many cyber-criminal groups apparently lost their capabilities to spread the malware.
Another reason is the faster reaction time of software vendors to newly discovered security issues. As a result, it is now far more expensive for cyber-criminals to develop and support an effective consumer exploit kit and simultaneously stay profitable.
“Based on both our detection statistics and our observations of the activity of targeted attack actors, we see that professional cyber-espionage groups still have the budgets and skills to develop and distribute sophisticated exploits,” said Alexander Liskin, security expert at Kaspersky. “The recent leak of malicious tools allegedly used by the Equation Group is an illustration of this. However, this doesn’t mean that it is impossible to protect your organization against exploit-based attacks. In order not to let malicious actors succeed, we advise users, especially corporate ones, to implement best practices of internet security and protect their computers, mobile devices and networks with proven and effective protection tools.”