We're Moving! - Websites, That Is
Cybercrime and Dark Web Research / Understanding Exploit Kits’ Most Popular Vulnerabilities

Understanding Exploit Kits’ Most Popular Vulnerabilities

Understanding Exploit Kits’ Most Popular Vulnerabilities
Michael Marriott
Read More From Michael Marriott
September 12, 2016 | 2 Min Read

One significant aspect of mitigating the risk posed by exploit kits is keeping software up-to-date. However, for some organizations, knowing what to patch as a priority can be difficult. Our latest whitepaper helps organizations to understand what vulnerabilities are most frequently targeted and helps them to prioritize their patching processes.

In order to assess the popularity of vulnerabilities (and in turn help organizations to prioritize their patching processes), it is possible to look at both the vulnerabilities that the exploit kits exploit, as well as how many times the vulnerabilities were mentioned alongside the exploit kits.

The vulnerability that had been implemented into the most exploit kits was shown to be CVE-2013-2551, which was a Microsoft Internet Explorer vulnerability affecting versions 6 through to 10. It allowed remote attackers to execute arbitrary code via a crafted website. The likely reason for this vulnerability being so widely exploited was that a proof of concept (POC) exploit had been made publicly available in May 2013, after it had been exploited at a prominent security conference the same year. The top 20 vulnerability findings are illustrated in Figure 1.

Exploit Kits and Vulnerabilities

Figure 1 – A graph showing the number of exploit kits exploiting a given vulnerabilities

 Exploit Kit Vulnerabilities Descriptions

Figure 2 – Top 7 CVE numbers and description

Using a list of exploit kit names and searching the vulnerabilities researched in the report alongside them, it was possible to supplement the above findings. We used mentions of CVEs and exploit kits sourced from the dark web, including criminal forums, .onion and I2P domains, security researcher blogs and security vendor blog pages as part of this research. Figure 3 shows a strong correlation between how many exploit kits have exploited a vulnerability, and how frequently these are mentioned alongside each other.

Exploit Kit Vulnerabilities and Mentions

Figure 3 – Comparison of top 10 vulnerabilities based on CVE mentions and exploit kits exploiting them

While these vulnerabilities are shown to be common across exploit kits, this is not exhaustive and will likely change in the future. Nevertheless, organizations can learn which vulnerabilities should definitely be patched as a priority. You can read more about the most popular exploit kits and the vulnerabilities they exploit in or white paper ‘In the business of exploitation’.

Related Blog Posts

2023 Cyber Threat Predictions

2023 Cyber Threat Predictions

November 1, 2022 | 14 Min Read

As we move towards the end of 2022, now is the...
Cybersecurity Awareness Month 2022: Have you forgotten about phishing?

Cybersecurity Awareness Month 2022: Have you forgotten about phishing?

October 25, 2022 | 7 Min Read

Thanks for joining us for the first release in...
Ransomware In Q3 2022

Ransomware In Q3 2022

October 19, 2022 | 11 Min Read

Ransomware activity decreased in the third...