BuzzSec Blog - On The Recorded Future: Top 2019 Exploited Vulnerabilities List

I wanted to get this info out there because I think it is pretty interesting stuff and Recorded Future has a great reputation for their scientific approach. This document can be downloaded after filling out some information here: https://www.recordedfuture.com/top-vulnerabilities-2019/

Without further ado, here are key take-away from the Recorded Future Report -Buzz

Key Observations 

  • For a third straight year, Microsoft was the technology most affected by vulnerabilities, with eight of the top 10 vulnerabilities identified targeting its products, the same number as in our 2018 report. 
  • For the first year, six of the vulnerabilities, all impacting Microsoft, were repeats from the prior year. CVE-2018-8174 dropped one spot from the top exploited vulnerability in 2018 to the second in 2019; CVE-2017-11882 stayed in the third spot, while CVE-2012-0158 dropped from ninth to tenth. 
  • Only one vulnerability from the 2019 calendar year was ranked in the top 10 that impacted Internet Explorer 10 and 11: CVE-2019-0752. This vulnerability was included in a new exploit kit called Capesand. 
  • The number of new exploit kits continued to decrease, dropping from five to four in 2019. Capesand was one new exploit kit that targeted vulnerabilities on this list. An underground forum user claimed to stop development on both Capesand and DarkRat in December 2019. 
  • In 2019, 23 new remote access trojans (RATs) were released compared to 37 in 2018. Only one of these new RATs — BalkanRAT — was associated with a top vulnerability that impacted Microsoft WinRAR ACE: CVE-2018-20250.


In 2019, Recorded Future observed strong overlap between the top vulnerabilities observed this year and those in 2018, with six of the vulnerabilities repeated from the prior year.

 
One notable observation from the table above is that CVE-2017- 0199 was ranked as one of the top exploits over the past three calendar years — this is the second occurrence with this annual report, as CVE-2016-0189 was the first vulnerability to make the top 10 vulnerability list three years in a row in 2018’s report. In 2018, CVE-2017-0199 ranked fifth due to its inclusion in the ThreadKit exploit kit and its association with eight different types of malware. CVE-2017-0199 stayed in the top 10 in 2019 as it is still an often-exploited Microsoft vulnerability and still advertised on underground forums for sale with the Silent Doc exploit.

This report continues the trend of analyzing co-occurrences of vulnerabilities with exploit kits and RATs. Recorded Future used a list of 184 exploit kits, using Recorded Future’s exploit kit malware category, as one of the parameters to determine the top referenced and exploited vulnerabilities of 2019. Similarly, the ranking of the top exploited vulnerabilities was based on the co-occurrence with 551 RATs, also from Recorded Future’s RAT malware category.

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more