51% of exploits sold on underground forums are for Microsoft products
Cybercriminals sell the software vulnerabilities they find to each other, increasing their profits and causing more damage along the way. They target the most widely used software to affect as many people as possible.
According to recent findings by the Atlas VPN team, 51% of exploits sold on underground cybercriminal forums are for Microsoft products. The constantly growing number of published vulnerabilities could mean that the impact of cyberattacks will increase as well.
The numbers are based on Trend Micro Research about the rise and imminent fall of the n-day exploit market in the cybercriminal underground. The study was conducted over two years, from January 2019 to December 2020.
Microsoft Office exploits made up 23% of all vulnerabilities sold on underground forums. Cybercriminals find such exploits appealing as most of them work in every version of Word. Malicious Excel or Word files are sent out via phishing emails. Once the victim opens the file, it triggers malware that can steal login credentials or drop ransomware or cryptocurrency miners.
Microsoft Windows exploits accounted for 12% of vulnerabilities sold on hacker forums. By purchasing Windows exploits, attackers can gain admin rights on your network or computer. With access to a network or a computer, hackers can spread the malware further and obtain sensitive information.
Microsoft Remote Desktop Protocol (RDP) exploits accounted for 10% of all sales. Unauthorized attackers who exploit such a vulnerability can use your computer as though they were sitting in front of it. What makes things worse is that attacks on RDP vulnerabilities can spread from one computer to another once there is a single infection.
Internet Explorer (IE) and Microsoft SharePoint each made up 3% of the vulnerabilities sold. A hacker who seeks to exploit an IE vulnerability hosts a website designed to do so and then tricks the victims into visiting the site.
Successful exploitation of the SharePoint vulnerability would allow an attacker to carry out security actions in the context of the service account of the SharePoint web application.
A growing number of vulnerabilities
As cyberattack volume has been increasing, many hackers have started to search for new, undetected vulnerabilities they could exploit. New exploits mean new techniques cybercriminals can employ to launch threats.
The number of published software vulnerabilities in 2015 and 2016 was close to 6,500. At this time, one of the more widely used exploits was CVE-2015-1641, found in Microsoft Office software. An attacker who successfully abused this vulnerability could run any command of their choosing on the target system.
In 2017, the number of published vulnerabilities doubled, reaching a new high of 14,644. One of the most dangerous exploits that year was CVE-2017-0144, which affected the Windows operating system. Hackers used the vulnerability to deliver the WannaCry and Petya/NotPetya ransomware, resulting in one of the most damaging ransomware outbreaks to date.
Over the following years, published software vulnerabilities have continued to increase steadily. Last year, in 2020, a record-breaking 18,395 exploits were reported.
In March 2020, another concerning vulnerability was published: CVE-2020-0796. The flaw affects Windows 10 and Windows Server installations. CVE-2020-0796 could be abused in several ways, such as hackers launching a network-based attack, sending malware, or gaining privileges on the target's system.
Once a flaw becomes public, companies patch it and neutralize the risk. However, for vulnerabilities to become ineffective, it is essential to update your devices' operating systems and software regularly. By adding an antivirus and a firewall to your devices and network, you would stop most vulnerabilities even if they were overlooked before.