Home Security Windows flaw that allowed Stuxnet still being exploited

Windows flaw that allowed Stuxnet still being exploited

A vulnerability in Microsoft's Windows operating system that was used, allegedly by the US and Israel, to plant the Stuxnet virus in Iranian nuclear plants is still among the most exploited flaws in the OS.

Microsoft issued a patch for the flaw, documented as CVE-2010-2568, back in 2010.

Data from anti-virus company Kaspersky showed that almost a quarter of Windows users who experienced a threat to their systems in 2016 were faced by exploits of this flaw.

It said that the release of the recent batch of CIA exploits by Shadow Brokers had shown that the life of an exploit did not end once a patch was released to fix the vulnerability that it used.

"Our research suggests that threat actors are still actively and successfully exploiting vulnerabilities patched almost a decade ago," the company said, with the chart below illustrating this.

Kaspersky chart.

Kaspersky Lab also issued the following statistics about exploits in 2015-16:

  • In 2016 the number of attacks with exploits increased 24.54%, to 702,026,084 attempts to launch an exploit.
  • A total of 4,347,966 users were attacked with exploits in 2016 which is 20.85% less than in the previous year.
  • The number of corporate users who encountered an exploit at least once increased 28.35% to reach 690,557, or 15.76% of the total amount of users attacked with exploits.
  • Browsers, Windows, Android and Microsoft Office were the applications exploited most often – 69.8% of users encountered an exploit for one of these applications at least once in 2016.
  • In 2016, more than 297,000 users worldwide were attacked by unknown exploits (zero-day and heavily obfuscated known exploits).

Kaspersky found that Windows, Flash and Microsoft Office topped the list of software that was attacked in 2015-16.

kaspersky chart.

Graphics: courtesy Kaspersky Lab.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications