Browser exploits remain the most effective class of exploited vulnerability from 2018. With new threats to mobile and IoT emerging in the cyber security space, our focus shifts in that direction; however, we still need to stay vigilant and keep a close eye on the most effective exploit avenues, such as browser exploitability.
Cyber security issues have grown exponentially, especially over the past few years (according to Verizon's 2018 Data Breach Investigations Report: 53,308 security incidents, 2,216 data breaches, 65 countries, 67 contributors). They encompass a wide array of dimensions, from hacktivism (the use of hacking and technology to promote politics), such as where hackers broke into the social media accounts of journalists to spread their political viewpoint, to more financial endeavours such as stealing information for profit, as in the recent attack where hackers used malware to penetrate the network of Cabrini Hospital, stole 15,000 files and demanded a ransom.
You might ask how these systems are being exploited so often and which vulnerabilities are being targeted. Recorded Future has conducted research and published a report that gives us an insight into the top cyber security vulnerabilities from Jan 1st, 2018 until Dec 31st, 2018, covering everything from exploit kits to trojans and phishing attacks.
A number of key points in what they discovered were:
CVE-2018-8174, codenamed "Double Kill", is a Microsoft Internet Explorer vulnerability (affecting the VBScript engine) which allows hackers to corrupt the memory of a victim's system and execute arbitrary code (basically allowing the hacker to run commands on the exploited system to install software, delete files, change data or create accounts). As mentioned, Internet Explorer is the primary vulnerable software for this exploit; however, because it can be launched from a number of applications such as Microsoft Office, many Windows operating systems are affected.
CVE-2018-8174 is triggered when a user of a Windows-based system visits a malicious website crafted by a hacker. Visiting a website of this nature downloads an HTML page that contains malicious code (packaged as an MSHTML object) and executes it, resulting in the machine being exploited. It manages to bypass the VBScript protection mechanisms because this type of MSHTML object is not blacklisted, which allows the code to be executed.
Thankfully, Microsoft patched this serious vulnerability in May 2018 in all affected software (Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers).
Critical exploits such as these (often referred to as 0day) pop up every year, and if you are targeted there is not a whole lot you can do to avoid them until they are patched. Why is this? Often because the users targeted are general users who don't have a large amount of cyber security education or awareness. Is there anything you can do in the meantime, before these kinds of exploits get patched?
There are a few measures I have suggested: