By Brooke Crothers, ,
Published September 06, 2018
The U.S. has the dubious honor of hosting more malicious web domains than any other country, a cybersecurity firm said this week.
A distant second was the Netherlands and even more distant were Russia and China, tied at seventh place, Palo Alto Networks said in a report this week, covering the second quarter. In fact, there was a steep drop-off of malicious domains hosted in Russia and China compared to the first-quarter, as China fell from the No. 2 spot, Palo Alto said.
Outside of the U.S. and the Netherlands, “hosted malicious domains dropped markedly across the globe,” the report added.
The U.S. also topped the rankings for exploit kits – used to launch attacks – at researchers. The U.S. was the number one source for the Grandsoft, Sundown, and Rig exploit kits and the number two for KaiXin.
The United States alone accounted for more exploit kits globally than all other countries combined, the report said.
Windows applications, and their vulnerabilities, remain very popular with attackers.
A vulnerability, identified as CVE-2016-0189, was at the top of the list, affecting Microsoft Internet Explorer and Microsoft Visual Basic programming language. This jumped to 472 malicious URLs in the second quarter, up from 219 in the first quarter.
The number two – and newest – vulnerability (CVE-2018-8174) also targeted Visual Basic and was exploited by 291 malicious URLs, the researchers said.
This took advantage of the “Double Kill Version 1” exploit. The researchers found the first active exploit in the wild on May 12, four days after a fix was issued. “It is interesting to point out that it took four days for threat actors to create and weaponize the exploit after Microsoft’s disclosure of the vulnerability,” the researchers said.
Surprisingly, malware still exploits security holes discovered more than nine years ago in Windows.
A nine-and-a-half-year-old Microsoft Internet Explorer 7 vulnerability ranked high as did another equally-old vulnerability that affects Microsoft Internet Explorer 5, 6 and 7, Palo Alto Networks researchers said.
Cybercriminals are not picky “as long as they get to infect a good amount of computers,” according to cybersecurity news site Bleeping Computer, which cited the report.
Adobe Reader was also a popular target.
“Based on our findings, our guidance is for organizations to focus on ensuring Microsoft Windows and Adobe Flash and Reader are fully up to date with the latest versions and security updates,” Palo Alto Networks said.