aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Software

The Most Vulnerable Applications Used By Cybercriminals In Cyber Attacks

  • root
  • April 24, 2020
  • 2 minute read

Watch out, these applications have vulnerabilities with the highest share of exploits used by cybercriminals.

Distribution of exploits used in attacks by application type for Q3 2019. Adapted from “IT threat evolution Q3 2019. Statistics”, by AO Kaspersky Lab, 2019, retrieved from https://securelist.com/

Microsoft Office Suite, Android applications, and browsers are the three most common targets of cybercriminals during cyber attacks, according to the latest analysis of the AO Kaspersky Lab which was conducted for Q3 2019.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

These three accounts for 95.41% of all the cyberattacks for the quarter. Other application types which recorded attacks — albeit considerably smaller — are Java (2.36%), Adobe Flash (1.57%), and PDF (0.66%).

Making up nearly all of the vulnerabilities exploited that are recorded by Kaspersky, you might be curious how these three software types are being used by cybercriminals for their attacks. Let’s dig deeper.

The most vulnerable

Vulnerabilities in the Microsoft Office Suite are the most exploited by cybercriminals, accounting for 72.85% of the exploits for Q3 2019. This is a distinction which the software has unfortunately retained from the preceding quarter.

Stack overflow errors are the most exploited among the vulnerabilities discovered in the Suite. These come from the Equation Editor application, a functionality formerly a  part of Microsoft Office.

An attacker can initiate the attack by convincing the user to open a link which directs them to a file that can exploit these errors.

This will allow an attacker to control the affected system. This lets them modify the installed programs in the device, modify data, or even create new users with administrative user rights.

Browser attacks

Kaspersky noted that modern browsers are complex software products which constantly produce new vulnerabilities, making them ideal targets for attacks. In Q3 2019, the exploitation of browser vulnerabilities accounted for 13.47% of the attacks recorded.

Read More  Learn Beam Patterns With Clickstream Processing Of Google Tag Manager Data

Kaspersky said that Microsoft Internet Explorer is the most vulnerable among today’s browsers. For that quarter in particular, the zero-day vulnerability, CVE-2019-1367, which allows an attacker to take full control of the system if the target user is logged in with administrative user rights was actively exploited.

An unscheduled security patch from Microsoft was released in order to remedy the situation, indicating how severe the vulnerability was.

Being a web-based attack, a cybercriminal usually sends a link to the user via email which directs them to a website specifically designed to exploit this vulnerability.

Mobile threats

A fairly huge chunk of attacks come from the exploits of Android application vulnerabilities. In the third quarter of 2019, these accounted for 9.09% of all the recorded exploits.

For that quarter, a notable threat was discovered in  CamScanner, a popular Android application used for scanning documents. They detected a dropper component — a hard-to-detect malware which installs other malicious software — in an advertising library.

The dropper, known as Necro.n, executes a malicious code once the app is run. This allows the attacker to show intrusive advertising and even steal money by charging paid subscriptions.

These vulnerabilities arise from some of our most commonly used software. This brings to light the importance of installing the security updates regularly put out and being mindful of the applications that we download and use.


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

root

Related Topics
  • Applications
  • Cyberattacks
  • Cybercriminals
  • Cybersecurity
You May Also Like
View Post
  • Software
  • Technology

Series Of Events Will Highlight Generative AI Use Cases Powered By Open Source Software

  • September 6, 2023
Internet of Things
View Post
  • Software
  • Technology

OpenHW Group Announces Tape Out of RISC-V-Based CORE-V MCU Development Kit for IoT Built with Open-Source Hardware & Software

  • August 16, 2023
View Post
  • Software
  • Software Engineering

End-to-End Secure Evaluation of Code Generation Models

  • August 11, 2023
Autonomous systems need to be reliable, so NASA puts the code it develops through rigorous testing, like this Artemis I launch countdown training simulation, to avoid potential failures.
View Post
  • Software
  • Technology

NASA Software Catalog Offers Free Programs for Earth Science, More

  • August 10, 2023
White House
View Post
  • Software
  • Technology

Biden-⁠Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software

  • August 9, 2023
View Post
  • Software
  • Software Engineering

Simplifying Creation Of Go Applications On Google Cloud

  • August 6, 2023
View Post
  • Computing
  • Software
  • Technology

The Open Source Licensing War Is Over

  • August 4, 2023
C++
View Post
  • Engineering
  • Software
  • Software Engineering

Exploring The Future With The Past. The Pros And Cons of C++ In An Evolving Programming Landscape.

  • July 4, 2023

Stay Connected!
LATEST
  • 1
    Nvidia H100 Tensor Core GPUs Come To Oracle Cloud
    • September 24, 2023
  • 2
    Combining AI With A Trusted Data Approach On IBM Power To Fuel Business Outcomes
    • September 21, 2023
  • 3
    Start Your Ubuntu Confidential VM With Intel® TDX On Google Cloud
    • September 20, 2023
  • Microsoft and Adobe 4
    Microsoft And Adobe Partner To Deliver Cost Savings And Business Benefits
    • September 20, 2023
  • Coffee | Laptop | Notebook | Work 5
    First HP Work Relationship Index Shows Majority of People Worldwide Have an Unhealthy Relationship with Work
    • September 20, 2023
  • 6
    Oracle Expands Distributed Cloud Offerings to Help Organizations Innovate Anywhere
    • September 20, 2023
  • 7
    Huawei Connect 2023: Accelerating Intelligence For Shared Success
    • September 20, 2023
  • 8
    Huawei Releases Data Center 2030, Leading Innovation and Development of New Data Centers
    • September 20, 2023
  • Penguin 9
    How To Find And Fix Broken Packages On Linux
    • September 19, 2023
  • Volkswagen 10
    Volkswagen Races Toward Next-Gen Automotive Manufacturing Leadership With Google Cloud And T-Systems
    • September 19, 2023
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    VMware Scales Multi-Cloud Security With Workforce Identity Federation
    • September 18, 2023
  • Intel Innovation 2
    Intel Innovation 2023
    • September 15, 2023
  • 3
    Microsoft And Oracle Expand Partnership To Deliver Oracle Database Services On Oracle Cloud Infrastructure In Microsoft Azure
    • September 14, 2023
  • 4
    Real-Time Ubuntu Is Now Available In AWS Marketplace
    • September 12, 2023
  • 5
    IBM Brings Watsonx To ESPN Fantasy Football With New Waiver Grades And Trade Grades
    • September 13, 2023
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.