Threat Actors and Exploits Top Ten Lists of 2018

in Ads Management -Post Before Content

AlienVault, an AT&T cyber security company, released a survey with Top Ten lists of security threats in 2018, from CVE numbers to Threat Actors based on the first two quarters of this year. From the table below, we can see a big trend regarding exploitation on Microsoft Office suite. The platform is commonly targeted to propagate threats via macro execution, where attackers trick the victims to execute malicious code.

The number one exploit ranked in the table however shows the use of a highly critical vulnerability in the Office suite affecting Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. The vulnerability allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory (Microsoft Office Memory Corruption Vulnerability). A Proof of Concept Exploit code and demonstration video can be found on Github and YouTube.

Exploits Top Ten List 

RANK 

EXPLOIT  NUMBER OF REPORTS  RELATED TO PRODUCT 

1

CVE-2017-11882

18

MS Office

2

CVE-2017-8570 7 MS Office

3

CVE-2018-4878 7 Adobe Flash

4

CVE-2017-10271 6 WebLogic

5

CVE-2018-0802 6 MS Office
6 CVE-2017-0199 5

MS Office

7

CVE-2017-0144 4

Windows OS

8 CVE-2018-7600 4

Drupal

9 CVE-2017-8759 3

MS Office

10 CVE-2018-10561 3

GPON Routers

 

CVE-2017-11882 – Demonstration video by EMBEDI:

 

We can also see the appearance of Drupal ranked at the 8th position. The vulnerability allows remote attackers to execute arbitrary code and was named Drupalgeddon 2, widely exploited as soon as it made the news due how easy it’s to exploit. An exploit Proof of Concept can be found on Github.

Advanced Threat Actors Top Ten List

According to the survey the table below shows the Top Ten most reported APT group in the first two quarters of 2018.

RANK 

ADVANCED PERSISTENT THREAT LOCATION 

1

Lazarus Group North Korea
2 Sofacy

Russia

3

MuddyWater Iran
4 Oil Rig

Iran

5

Patchwork India
6 Energetic Bear

Russia

7

Kimsuky North Korea

8

APT 15

China

9 Stone Panda

China

10 Turia

Russia

 

It’s not a surprised to see Lazarus Group ranked as first, the cybercrime group is very active in the financial market. On October 2, 2018, the US-CERT, FBI, Homeland Security and Department of Treasury issued an alert regarding their activities on stealing money from ATMs in Asia and Africa since 2016, the campaign was named FASTCash. It’s important to mention the USA government uses the name Hidden Cobra to track Lazarus Group activity.

 

In such a wild environment, it’s important to have constant analysis on our corporate systems. Get in touch with LIFARS to schedule a call with our experts.

 


Source: https://www.alienvault.com/docs/whitepapers/2018-open-threat-exchange-trends.pdf