third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
As described earlier, the total number of vulnerabilities in browsers<br />
continues to rise. Based on this, the number of available exploits for<br />
browsers can also be expected to rise. However this appears not to<br />
be the case. Figure 12 shows the total number of exploits available<br />
for the browsers as described previously under vulnerabilities.<br />
Figure 12 shows that the number of browser exploits reached a peak<br />
in 2010 (84 exploits) and then declined rapidly to just 16 in 2012.<br />
7.3.2 Exploit kits<br />
Exploit kits bundle together ready-to-use exploits for vulnerabilities<br />
that can be used to infect large volumes of systems very quickly.<br />
Criminals often use exploit kits to build up a botnet by ‘drive-by’<br />
This maximises the chance of the exploit kit infecting a large<br />
number of systems over a short period of time. It seems that Oracle<br />
Java and Microsoft Internet Explorer are by far the most popular<br />
targets for attack by exploit kits: half of all exploits are in relation<br />
to these products. These are followed by Adobe Flash and Adobe<br />
Reader. Figure 13 provides a summary of the products that exploit<br />
kits target.<br />
In some cases, the exploit kits themselves contain exploits for<br />
vulnerabilities in Internet Explorer from 2004 and 2005 (Internet<br />
Explorer 5.01, 5.5 and 6, which are often still in use in combination<br />
with Windows XP). This points to old versions and sometimes<br />
versions that are no longer supported still being in use.<br />
90<br />
Exploits for browser vulnerabilities (2005-2012)<br />
80<br />
70<br />
60<br />
50<br />
40<br />
30<br />
20<br />
10<br />
0<br />
2005 2006 2007 2008 2009 2010 2011 2012<br />
g Internet Explorer g Firefox g Safari g Google Chrome g Opera<br />
Figure 12. Development in number of exploits for browsers<br />
attacks. Contagiodump [195] is a source on the internet that collates<br />
and makes available information about exploit kits, providing<br />
insight into the exploit kits that are available and the vulnerabilities<br />
they abuse. A recent survey [196] of 38 exploit kits (and versions of<br />
them) reveals that together they are actively abusing 65 vulnerabilities.<br />
Some exploit kits contain just two exploits whereas other<br />
exploit kits abuse more than ten.<br />
Exploit kits generally include exploits that appear to be effective and<br />
abuse vulnerabilities in the software installed on many systems.<br />
195 http://contagiodump.blogspot.com<br />
196 https://docs.google.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dE9EVGhjeUhvQTNReko3c2xhT<br />
mphLUE&usp=sharing (updated March 2013).<br />
The fact that attacks on these products can be successful is also<br />
indicated by figures published by Microsoft regarding the installation<br />
of security updates by end users. [24: MS 2012-1] These figures show,<br />
for example, that 94 per cent of computers worldwide that have<br />
Java, have not installed the latest update of this software and that 51<br />
per cent of all computers have missed the last three Java updates.<br />
Equally, almost half of end-users have missed the last three updates<br />
of other software such as Adobe Reader and Flash Player. Another<br />
alarming conclusion reached by Microsoft is that 7 per cent of all<br />
Adobe Reader users have a version that is no longer supported by<br />
Adobe and for which Adobe therefore no longer issues updates. This<br />
percentage is as high as 9 per cent for Microsoft Word.<br />
Popular exploit kits such as BlackHole, Cool Exploit, Eleonore,<br />
Incognito, Yes and Crimepack automatically infect computers by<br />
86