A year-long research project that delved into the underground hacker market for exploits highlights how much threat actors love Microsoft bugs. Cybercriminal forums are full of hackers desperate for backdoors into Microsoft services.
Researchers say Microsoft products take up a massive 47 percent of all requests on these forums. There’s a good reason for the popularity of Microsoft amongst the hacking community.
The company’s services are spread throughout global enterprise. If a threat actor can access Microsoft services through a vulnerability, they will have access to systems of enterprise.
The research was handled by Trend Micro, and the data also shows 61 percent of all sold exploits are for Microsoft products. Among the most popular are Office, Windows, and Internet Explorer. During a session at the RSA Conference 2021, Senior Researcher Mayra Rosario Fuentes said the team looked at over 600 hacker forums over a year-long period.
Exploits were being sold for $2,000 on average, with a focus on the newest vulnerabilities. 54 percent of all sold vulnerabilities were less than 2 years old.
“We noticed what was requested was very similar to what the market was offering,” Fuentes said. “Cybercriminals may have seen the requested items from users before deciding what items to offer on the market.”
Following Microsoft, Adobe was the next most targeted provider. Trend Micro also found that it takes an average of 71 days for
Trend Micro also found that the average time it takes for companies to fix internet based flaws. That’s hardly a rapid response and gives threat actors plenty of time to exploit the vulnerabilities they buy.
Tip of the day:
Due to the various problems that arise with microphones, it can often be necessary to perform a mic test, but those wondering how to hear yourself on mic in Windows 10 are often left stumped. Microsoft’s OS doesn’t make it especially intuitive to listen to microphone playback or play the microphone through speakers. In our tutorial we show you how to hear yourself on mic with just a few clicks.