New Delhi: Findings from Kaspersky Lab’s Q2 Malware Report highlighted a sudden surge in the number of ‘exploit’ packages in the wild, which have led to over five million attacks in a span of just three months, indicating the unrelenting scale of this cyber threat.
An exploit is a type of malware that uses bugs in software to infect devices with additional malicious code like banking Trojans, ransomware or cyber espionage malware. Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver their dangerous code without the user suspecting anything.
Such tools are therefore widely used, both by cyber criminals seeking to steal money from private users and companies and in sophisticated targeted attacks hunting for sensitive information.
The second quarter of 2017 experienced a massive wave of these in-the-wild vulnerabilities due to a number of exploits being leaked on the web. This entailed a significant change in the cyber threat landscape. The major kick-off was the Shadow Brokers’ publication of the “Lost In Translation” archive, which contained a large number of exploits for different versions of Windows.
Despite the fact that most of these vulnerabilities were not zero-day vulnerabilities and were patched by the Microsoft security update a month before the leak, the publication led to disastrous consequences. The average number of attacks per day is constantly growing: 82 percent of all attacks were detected in the last 30 days of the quarter.
The damage from malware that used exploits from the archive, as well as the number of infected users, is beyond counting – with the ExPetr and WannaCry pandemics being the most notable examples. Another example is the CVE-2017-0199 vulnerability in Microsoft Office, discovered in early April.
Despite the fact that it was patched in the same month, the number of attacked users peaked at 1.5 million. Overall, 71 percent of attacks on these users exploited the CVE-2017-0199 vulnerability.
“The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber dangers. While vendors patch vulnerabilities on a regular basis, many users don’t pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cybercriminal community,” said Alexander Liskin, a security expert at Kaspersky.
Apart from the exploit malware, Kaspersky Lab solutions detected and repelled 342,566,061 malicious attacks from online resources located in 191 countries all over the world in Q2. This is less than in the previous period, where 479,528,279 malicious attacks from online resources located in 190 countries all over the world were detected.
Kaspersky Lab’s antivirus tool detected a total of 185,801,835 unique malicious and potentially unwanted objects in Q2, compared to a total of 174,989,956 unique malicious and potentially unwanted objects in the first quarter.