Adobe Flash and Microsoft Internet Explorer vulnerabilities dominated the exploit kit landscape last year, according to a report by Recorded Future.
“Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed,” explained On The Wire in their coverage of the report. “Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it’s no surprise that Flash and IE exploits dominated the landscape.”
According to the report, six out of ten of the most “frequently targeted vulnerabilities” were in Flash, while the other four were in Microsoft products.
“Flash has been a favorite target for attackers for a long time, for two main reasons: it’s deployed on hundreds of millions of machines, and it has plenty of vulnerabilities,” continued On The Wire.
The popularity of individual exploit kits waxes and wanes over time and is affected by a number of factors, including price, detection rates, and the freshness of exploits. Angler has been one of the more popular kits for several years, but several of the people allegedly involved in the kit’s development and use were arrested in Russia this summer. The new kingpin is Sundown, which is known mainly for installing banking Trojans on compromised machines.
Despite the prevalence of vulnerabilities in Adobe Flash, Recorded Future claims that little progress has been made since similar problems last year.
“Last year, the primary risk of contracting a nasty exploit kit was through Adobe product bugs, and Flash in particular,” they explained. “Unfortunately, the situation has not significantly improved.”
In response to the concerns over Flash, the report concludes by recommending that people update their versions of the product, or simply uninstall Flash completely if it isn’t a significant part of their daily browsing.
“For additional peace of mind, users of most modern browsers can turn on ‘Click to Load’ features which automatically block Flash elements unless the user specifically clicks on them,” the report adds, while also suggesting readers use Google Chrome as their primary browser and back up important files regularly.