Exploit leaks from the likes of the Shadow Brokers dominated the threat landscape in the second quarter, according to new stats from Kaspersky Lab.
The Russian AV firm detected over 342 million attacks in 191 countries in the period April-June this year, a fairly significant reduction from the 479m attacks seen in Q1.
However, over five million such threats spotted by the vendor came from leaked exploits; that is, malware designed to utilize software vulnerabilities to infect victim machines.
Such attacks are particularly dangerous as they typically don’t require user interaction to deliver malicious code.
The Kremlin-linked Shadow Brokers leak was particularly damaging, making public exploits thought to have been developed by the NSA.
These led to the notable WannaCry and NotPetya outbreaks which caused chaos and destruction across the globe, even at big-name organizations including international law firm DLA Piper, Danish shipper Maersk, German drug company Merck, and ad giant WPP.
Although many of the bugs exploited by such threats were not zero-day vulnerabilities, poor patch management on the part of many organizations appeared to leave them exposed to attack.
Office vulnerability CVE-2017-0199, for example, was first discovered and patched in April but 1.5m users were subsequently attacked, according to Kaspersky Lab.
The average number of exploit-based attacks seen each day is also growing, with 82% of all attacks detected in the last month of the quarter.
“The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber-dangers,” warned Kaspersky Lab security expert, Alexander Liskin. “While vendors patch vulnerabilities on a regular basis, many users don’t pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cyber-criminal community.”
Elsewhere in the report, crypto-ransomware attacks increased, with the vendor blocking these threats on 246,675 computers during Q2, versus 240,799 in Q1.