A just released report from Recorded Future observes that eight out of ten vulnerabilities exploited via phishing attacks, exploit kits, or remote access trojans targeted Microsoft products. This was the second year in a row in which Microsoft was targeted the most. In 2017, seven of the top ten vulnerabilities affected Microsoft. The top exploited vulnerability on Recorded Future’s list, CVE-2018-8174, a Microsoft Internet Explorer vulnerability nicknamed “Double Kill,” was included in four exploit kits (RIG, Fallout, KaiXin, and Magnitude). These exploit kits spread the malware TrickBot through phishing attacks (WaterISAC posted a TrickBot security primer from MS-ISAC to its portal on Tuesday). Interestingly, Recorded Future also noted the development of new exploit kits has continued to drop amid a shift to more targeted attacks and less availability of zero-day vulnerabilities.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!