Attacks via exploits can be very effective as they generally do not require any user interaction, and can deliver dangerous code without arousing user suspicion.
Along those lines, there were 702 million attempts to launch an exploit in 2016 – an increase of 24.54 percent from 2015, according to data gathered by Kaspersky Lab.
During the same period, more than 297,000 users worldwide were attacked by unknown exploits (zero-day and heavily obfuscated known exploits), an increase of just under 7 percent over 2015, according to the report.
Exploits for the “Stuxnet vulnerability” (CVE-2010-2568) still top the list in terms of the number of attacked users – 1 in 4 users that encountered an exploit during 2016 faced that threat.
Overall, targeted attackers and campaigns from 2010 to 2016 made use of more than 80 vulnerabilities. Around two-thirds of these vulnerabilities were used and reused by more than one threat actor.
Browsers, Windows OS, Android OS and Microsoft Office are the applications exploited most often – 69.8 percent of users encountered an exploit for one of these apps at least once in 2016.
The number of corporate users attacked by exploits increased 28.35 percent to reach more than 690,000. However, despite the growing number of attacks featuring exploits, and the growing number of corporate users attacked in this way, the number of private users who encountered an exploit attack in 2016 decreased just over 20 percent – from 5.4 million in 2015 to 4.3 million in 2016, according to the report.
A possible reason for this decline could be a reduction in the number of sources for exploits: 2016 saw several big exploit kits (the Neutrino and Angler exploit kits) leave the underground market. This significantly affected the overall exploit threat landscape, as cybercriminal groups apparently lost their capabilities to spread the malware.
Another reason is the faster reaction time of software vendors to newly discovered security issues. As a result, it is now far more expensive for cybercriminals to develop and support an effective exploit kit and simultaneously stay in profit. However, this is not the case when it comes to attacks against organizations.