Top 3 Vulnerabilities Used in 2016 Exploit Kit Attacks


New research conducted by Digital Shadows reveals that 76 vulnerabilities are being exploited in exploit kit attacks. 27 of them are found in Flash. Despite the popularity of Flash flaws, an IE bug prevails in most attack scenarios and has proven to be attackers’ favorite means of exploitation. Some of the flaws date back to 2013.

In the past, plenty of exploit kits were detected in the wild. In 2016, only a few of them are still seen as part of active malicious campaigns. The list of active EKs seen throughout 2016 includes Angler, Nuclear (both declared dead in April and June), Magnitude, RIG, Sundown, and Hunter. All the EKs are based on different flaws, in most cases public and patched. The choice of vulnerabilities to incorporate mostly depends on the skills of the malicious actor.


In addition to Flash and IE, Java is also a frequent source of the exploitable vulnerabilities employed in EK-based attacks. Other exploited technologies are Mozilla Firefox, Adobe Reader, and Microsoft Silverlight.

So, Which Are the Most Popular Vulnerabilities Used in Exploit Kit Attack Scenarios?

First Place: CVE-2013-2551 – the IE Bug Mostly Favored by Attackers

CVE-2013-2551 Official Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

As you can see, the bug affects IE6 to IE10 and leads to remote code execution. Such an attack was demonstrated back in 2013 during the Pwn2Own competition at CanSecWest.

Second Place: CVE-2014-0515 – the Most Popular Bug in Flash Deployed by EK Operators

CVE-2014-0515 Official Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before on Windows and OS X, and before on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

Third Place: Split between CVE-2013-2465 in Java and CVE-2014-0569 in Flash

CVE-2013-2465 and CVE-2014-0569 Official Descriptions

CVE-2013-2465 is an unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7. The flaw allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, as explained by MITRE researchers.

CVE-2014-0569, on the other hand, is an:

Integer overflow in Adobe Flash Player before and 14.x and 15.x before on Windows and OS X and before on Linux, Adobe AIR before, Adobe AIR SDK before, and Adobe AIR SDK & Compiler before allows attackers to execute arbitrary code via unspecified vectors.

Exploit Kit Developers Are Evolving Together with the Malware Market

Digital Shadows researchers have concluded that the exploit kit market is quickly changing and adapting itself to the needs of malware operators and to the changes in software. As a result, many EKs are dropping support for older exploits and embracing newer flaws, mostly disclosed after 2015.

“Furthermore, while CVE-2013-2551 [the IE bug described above] was the most shared of all the known vulnerabilities exploited, it is not known if this remains viable or present within exploit kits active at the time of writing,” the report concludes.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys ‘Mr. Robot’ and fears ‘1984’.
