Thursday, 05 April 2018 12:00

Microsoft products top target for cyber criminals in 2017: study


Vulnerabilities in Adobe's Flash Player took second place to flaws in Microsoft products last year in a list of the most used avenues of attack by cyber criminals compiled by security firm Recorded Future.

The company said that in the two previous years — 2015 and 2016 — Flash had been the main avenue for exploits in the samples it studied. But Microsoft's products surged back to the top last year.

"In 2017, seven of the top 10 vulnerabilities exploited targeted Microsoft products, with the remaining three targeting Flash. This is a steep decline from previous years – Flash accounted for six of the top 10 in 2016, and eight in 2015," it said.

The main findings in the vulnerability study for 2017 were:

  • Microsoft products provided seven of the top 10 vulnerability exploits adopted by exploit kits and phishing campaigns.
  • For the first time, three vulnerabilities remained on the list from one year to the next. For example, the top exploited vulnerability from 2016, CVE-2016-0189 in Microsoft’s Internet Explorer, remained a popular inroad for criminals. Dark Web conversations highlighted a lack of new and effective browser exploits.
  • In 2017, exploit kits saw a 62% decline in development. Only a few exploit kits, including AKBuilder, Disdain, and Terror, saw significant activity. Multiple factors, including more specific victim targeting, shifts to more secure browsers, and a rise in cryptocurrency mining malware, are likely to have caused the decline.
  • Dark Web forums and marketplaces continued to offer high and low-quality exploit kit options, with prices ranging from US$80 per day for services, to US$25,000 for full source-code access. Exploit builders for top-ranked Microsoft Office vulnerability CVE-2017-0199 ranged from US$400 to US$800 in 2017.

"Some of this change is due to evolving criminal use of exploited vulnerabilities," Recorded Future's Scott Donnelly said. "Overall, exploit kits are declining as criminal efforts have adapted.

"This comes as cryptocurrency mining malware popularity rose in the past year. Profiting from cryptocurrency mining has its advantages, including less time spent on collecting victim ransomware payments and the avoidance of rising bitcoin transaction fees."

The most commonly observed vulnerability that came under attack was CVE-2017-0199, which affects many Microsoft Office products and allows attackers to download and execute a Visual Basic script containing PowerShell commands from a malicious document.

Numerous pieces of malware took advantage of this vulnerability: Latentbot, Microsoft Word Intruder, Hancitor, Dridex, FinFisher, Silent Doc Exploit, REMCOS, PoohMilk, Freenki, FreeMilk and Cerber.

The study can be downloaded here after registration.

Update: The original headline on this article said "Windows top target for cyber criminals in 2017: study". It has been changed to reflect the fact that Microsoft products were the top target, not only Windows.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


