
Exploit leaks led to 5M cybersecurity attacks in Q2, report says

Malicious attacks rose in Q2, due in large part to an increase in exploit packages in the wild, according to a Kaspersky Lab report.

Exploit packages in the wild dominated the Q2 cyberthreat landscape, according to a report from Kaspersky Lab released Wednesday. In the past three months, the firm noted more than 5 million attacks that involved exploits from archives leaked on the web, with growth peaking at the end of the quarter, indicating that the threat is likely to continue into Q3.

Attacks conducted via exploits are among the most effective, Kaspersky Lab noted, as they do not typically require any user interaction and can therefore deliver malicious code without the user's knowledge. These tools are widely used both by cybercriminals looking to steal money from companies and individuals and in more targeted attacks seeking sensitive information.

Q2 saw a large wave of these attacks due to a large number of exploits that were leaked on the web, Kaspersky Lab reported. And 82% of all attacks within the quarter were detected in the past 30 days alone. Shadow Brokers' publication of the "Lost in Translation" archive led to these attacks, as it contained a large number of exploits for different versions of Windows. Most of these vulnerabilities had already been patched by Microsoft's security update the month before the leak; however, the leak still led to disastrous consequences for many, Kaspersky Lab noted.

Malware that uses exploits from the archive can cause overwhelming damage, with ExPetr and WannaCry being the most notable recent examples. And the CVE-2017-0199 vulnerability in Microsoft Office, discovered in April, was patched the same month, but 1.5 million users were still attacked, the report stated.

"The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber dangers," said Alexander Liskin, security expert at Kaspersky Lab, in a press release. "While vendors patch vulnerabilities on a regular basis, many users don't pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cybercriminal community."

The report also found that crypto-ransomware attacks were blocked on 246,675 unique computers, compared to 240,799 computers in Q1. Overall, Kaspersky Lab detected a total of 185,801,835 unique malicious and potentially unwanted objects in Q2, compared to 174,989,956 in Q1.

Kaspersky Lab recommends the following to reduce your risk of infection:

1. Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.

2. Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.

3. Use robust security solutions and make sure they keep all software up to date.

4. Regularly run a system scan to check for possible infections.

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • Q2 saw more than 5 million attacks that involved exploits from archives leaked on the web. -Kaspersky Lab, 2017
  • 82% of all attacks within Q2 were detected in the past 30 days. -Kaspersky Lab, 2017
  • Kaspersky Lab detected a total of 185,801,835 unique malicious and potentially unwanted objects in Q2, compared to 174,989,956 in Q1. -Kaspersky Lab, 2017
About Alison DeNisco

Alison DeNisco is a Staff Writer for TechRepublic. She covers CXO and the convergence of tech and the workplace.
