Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb

Coinkidink? Nah. Crooks are switching tactics

There was a big drop in exploit kit development last year, and experts have linked this to the phasing out of Adobe Flash.

In 2017, exploit kit development declined 62 per cent, with only a few kits, including AKBuilder, Disdain and Terror, showing significant activity, according to a study by threat intel firm Recorded Future.

In contrast to previous years, criminal exploit kits and phishing campaigns favoured Microsoft products in 2017, rather than Adobe Flash vulnerabilities. Exploiting Java and Adobe Flash flaws to push malware after tricking surfers into visiting booby-trapped websites has been the staple of so-called drive-by hacking attacks for years.

Java vulnerabilities dropped steadily between 2013 and 2016, prompting cybercriminals to switch over to Adobe Flash. Now that route has also been throttled.

"The observed drop in exploit kit activity overlaps with the rapid decline of Flash Player usage," said Scott Donnelly, VP of technical solutions at Recorded Future. "Users have shifted to more secure browsers, and attackers have shifted as well. Spikes in cryptocurrency mining malware and more targeted victim attacks have filled the void."

The Flash suite is over 20 years old and slated for retirement in 2020 at the latest. ®



