aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Software

The Most Vulnerable Applications Used By Cybercriminals In Cyber Attacks

  • root
  • April 24, 2020
  • 2 minute read

Watch out, these applications have vulnerabilities with the highest share of exploits used by cybercriminals.

Distribution of exploits used in attacks by application type for Q3 2019. Adapted from “IT threat evolution Q3 2019. Statistics”, by AO Kaspersky Lab, 2019, retrieved from https://securelist.com/

Microsoft Office Suite, Android applications, and browsers are the three most common targets of cybercriminals during cyber attacks, according to the latest analysis of the AO Kaspersky Lab which was conducted for Q3 2019.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

These three accounts for 95.41% of all the cyberattacks for the quarter. Other application types which recorded attacks — albeit considerably smaller — are Java (2.36%), Adobe Flash (1.57%), and PDF (0.66%).

Making up nearly all of the vulnerabilities exploited that are recorded by Kaspersky, you might be curious how these three software types are being used by cybercriminals for their attacks. Let’s dig deeper.

The most vulnerable

Vulnerabilities in the Microsoft Office Suite are the most exploited by cybercriminals, accounting for 72.85% of the exploits for Q3 2019. This is a distinction which the software has unfortunately retained from the preceding quarter.

Stack overflow errors are the most exploited among the vulnerabilities discovered in the Suite. These come from the Equation Editor application, a functionality formerly a  part of Microsoft Office.

An attacker can initiate the attack by convincing the user to open a link which directs them to a file that can exploit these errors.

This will allow an attacker to control the affected system. This lets them modify the installed programs in the device, modify data, or even create new users with administrative user rights.

Browser attacks

Kaspersky noted that modern browsers are complex software products which constantly produce new vulnerabilities, making them ideal targets for attacks. In Q3 2019, the exploitation of browser vulnerabilities accounted for 13.47% of the attacks recorded.

Read More  Integration Of Cloudian Object Storage And WekaFS™ Enables Rapid Processing Of Analytical Workloads And Saves 1/3 In Costs Over Traditional Storage Systems

Kaspersky said that Microsoft Internet Explorer is the most vulnerable among today’s browsers. For that quarter in particular, the zero-day vulnerability, CVE-2019-1367, which allows an attacker to take full control of the system if the target user is logged in with administrative user rights was actively exploited.

An unscheduled security patch from Microsoft was released in order to remedy the situation, indicating how severe the vulnerability was.

Being a web-based attack, a cybercriminal usually sends a link to the user via email which directs them to a website specifically designed to exploit this vulnerability.

Mobile threats

A fairly huge chunk of attacks come from the exploits of Android application vulnerabilities. In the third quarter of 2019, these accounted for 9.09% of all the recorded exploits.

For that quarter, a notable threat was discovered in  CamScanner, a popular Android application used for scanning documents. They detected a dropper component — a hard-to-detect malware which installs other malicious software — in an advertising library.

The dropper, known as Necro.n, executes a malicious code once the app is run. This allows the attacker to show intrusive advertising and even steal money by charging paid subscriptions.

These vulnerabilities arise from some of our most commonly used software. This brings to light the importance of installing the security updates regularly put out and being mindful of the applications that we download and use.


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

root

Related Topics
  • Applications
  • Cyberattacks
  • Cybercriminals
  • Cybersecurity
You May Also Like
View Post
  • Software
  • Technology

Canonical Releases Ubuntu 25.04 Plucky Puffin

  • April 17, 2025
View Post
  • Software
  • Technology

IBM Accelerates Momentum in the as a Service Space with Growing Portfolio of Tools Simplifying Infrastructure Management

  • March 27, 2025
Vehicle manufacturing
View Post
  • Software

IBM Study: Vehicles Believed to be Software Defined and AI Powered by 2035

  • December 12, 2024
aster-cloud-tux-gaming
View Post
  • Computing
  • Gears
  • Software

5 best Linux distributions for gamers in 2024

  • September 11, 2024
Crab
View Post
  • Gears
  • Learning
  • Software

The Best Friends for a Rustacean. Top Books in Learning Rust.

  • August 25, 2024
Coffee | Laptop | Notebook | Work
View Post
  • Software

The Hidden Economy Of Open Source Software

  • April 28, 2024
Redis logo
View Post
  • Platforms
  • Software

Redis Moves To Source-Available Licenses

  • April 2, 2024
View Post
  • Software
  • Technology

Charmed MongoDB Enters General Availability

  • March 26, 2024

Stay Connected!
LATEST
  • college-of-cardinals-2025 1
    The Definitive Who’s Who of the 2025 Papal Conclave
    • May 7, 2025
  • conclave-poster-black-smoke 2
    The World Is Revalidating Itself
    • May 6, 2025
  • 3
    Conclave: How A New Pope Is Chosen
    • April 25, 2025
  • Getting things done makes her feel amazing 4
    Nurturing Minds in the Digital Revolution
    • April 25, 2025
  • 5
    AI is automating our jobs – but values need to change if we are to be liberated by it
    • April 17, 2025
  • 6
    Canonical Releases Ubuntu 25.04 Plucky Puffin
    • April 17, 2025
  • 7
    United States Army Enterprise Cloud Management Agency Expands its Oracle Defense Cloud Services
    • April 15, 2025
  • 8
    Tokyo Electron and IBM Renew Collaboration for Advanced Semiconductor Technology
    • April 2, 2025
  • 9
    IBM Accelerates Momentum in the as a Service Space with Growing Portfolio of Tools Simplifying Infrastructure Management
    • March 27, 2025
  • 10
    Tariffs, Trump, and Other Things That Start With T – They’re Not The Problem, It’s How We Use Them
    • March 25, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    IBM contributes key open-source projects to Linux Foundation to advance AI community participation
    • March 22, 2025
  • 2
    Co-op mode: New partners driving the future of gaming with AI
    • March 22, 2025
  • 3
    Mitsubishi Motors Canada Launches AI-Powered “Intelligent Companion” to Transform the 2025 Outlander Buying Experience
    • March 10, 2025
  • PiPiPi 4
    The Unexpected Pi-Fect Deals This March 14
    • March 13, 2025
  • Nintendo Switch Deals on Amazon 5
    10 Physical Nintendo Switch Game Deals on MAR10 Day!
    • March 9, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.