Threat Actors and Exploits Top Ten Lists of 2018


AlienVault, an AT&T cyber security company, released a survey containing Top Ten lists of security threats in 2018, from CVE numbers to threat actors, based on the first two quarters of the year. The table below shows a clear trend: exploitation of the Microsoft Office suite. The platform is commonly targeted to propagate threats via macro execution, where attackers trick victims into running malicious code.

The exploit ranked number one in the table, however, relies on a highly critical vulnerability in the Office suite affecting Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. Because the software fails to properly handle objects in memory, the vulnerability allows an attacker to run arbitrary code in the context of the current user (Microsoft Office Memory Corruption Vulnerability). Proof of Concept exploit code and a demonstration video can be found on Github and YouTube.

Exploits Top Ten List

RANK   EXPLOIT          NUMBER OF REPORTS   RELATED TO PRODUCT
1      CVE-2017-11882   18                  MS Office
2      CVE-2017-8570    7                   MS Office
3      CVE-2018-4878    7                   Adobe Flash
4      CVE-2017-10271   6                   WebLogic
5      CVE-2018-0802    6                   MS Office
6      CVE-2017-0199    5                   MS Office
7      CVE-2017-0144    4                   Windows OS
8      CVE-2018-7600    4                   Drupal
9      CVE-2017-8759    3                   MS Office
10     CVE-2018-10561   3                   GPON Routers


CVE-2017-11882 – Demonstration video by EMBEDI:


We can also see Drupal appearing in 8th position. The vulnerability allows remote attackers to execute arbitrary code and was named Drupalgeddon 2; it was widely exploited as soon as it made the news because of how easy it is to exploit. An exploit Proof of Concept can be found on Github.

Advanced Threat Actors Top Ten List

According to the survey, the table below shows the Top Ten most reported APT groups in the first two quarters of 2018.

RANK   ADVANCED PERSISTENT THREAT   LOCATION
1      Lazarus Group                North Korea
2      Sofacy                       Russia
3      MuddyWater                   Iran
4      OilRig                       Iran
5      Patchwork                    India
6      Energetic Bear               Russia
7      Kimsuky                      North Korea
8      APT 15                       China
9      Stone Panda                  China
10     Turla                        Russia


It is not a surprise to see Lazarus Group ranked first; the cybercrime group is very active against the financial sector. On October 2, 2018, US-CERT, the FBI, the Department of Homeland Security and the Department of the Treasury issued an alert regarding the group's activity stealing money from ATMs in Asia and Africa since 2016, a campaign named FASTCash. It is important to mention that the US government uses the name Hidden Cobra to track Lazarus Group activity.


In such a hostile environment, it is important to analyze corporate systems continuously. Get in touch with LIFARS to schedule a call with our experts.



Source: https://www.alienvault.com/docs/whitepapers/2018-open-threat-exchange-trends.pdf