Exploit packages in the wild dominated the Q2 cyberthreat landscape, according to a report from Kaspersky Lab released Wednesday. In the past three months, the firm noted more than 5 million attacks that involved exploits from archives leaked on the web, with growth peaking at the end of the quarter, indicating that the threat is likely to continue into Q3.
Attacks conducted via exploits are among the most effective, Kaspersky Lab noted, as they do not typically require any user interaction, and therefore can deliver malicious code without the user's knowledge. These tools are widely used both by cybercriminals looking to steal money from companies and individuals and in more targeted attacks seeking sensitive information.
Q2 saw a large wave of these attacks, driven by the many exploits leaked on the web, Kaspersky Lab reported, and 82% of all attacks within the quarter were detected in the past 30 days alone. Shadow Brokers' publication of the "Lost in Translation" archive led to these attacks, as it contained a large number of exploits for different versions of Windows. Most of these vulnerabilities had already been patched by Microsoft's security update the month before the leak; however, the leak still led to disastrous consequences for many, Kaspersky Lab noted.
Malware that uses exploits from the archive can cause overwhelming damage, with ExPetr and WannaCry being the most notable recent examples. And the CVE-2017-0199 vulnerability in Microsoft Office, discovered in April, was patched the same month, but 1.5 million users were still attacked, the report stated.
"The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber dangers," said Alexander Liskin, security expert at Kaspersky Lab, in a press release. "While vendors patch vulnerabilities on a regular basis, many users don't pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cybercriminal community."
The report also found that crypto-ransomware attacks were blocked on 246,675 unique computers, compared to 240,799 computers in Q1. Overall, Kaspersky Lab detected a total of 185,801,835 unique malicious and potentially unwanted objects in Q2, compared to 174,989,956 in Q1.
Kaspersky Lab recommends the following to reduce your risk of infection:
1. Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
2. Wherever possible, choose a software vendor that demonstrates a responsible approach to vulnerability problems. Check if the software vendor has its own bug bounty program.
3. Use robust security solutions and make sure they keep all software up to date.
4. Regularly run a system scan to check for possible infections.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- Q2 saw more than 5 million attacks that involved exploits from archives leaked on the web. -Kaspersky Lab, 2017
- 82% of all attacks within Q2 were detected in the past 30 days. -Kaspersky Lab, 2017
- Kaspersky Lab detected a total of 185,801,835 unique malicious and potentially unwanted objects in Q2, compared to 174,989,956 in Q1. -Kaspersky Lab, 2017
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.