Microsoft Software Vulnerabilities Prevalent on Underground Criminal Forums

Cybercriminals sell software vulnerabilities to one another.

Edward Gately, Senior News Editor

July 21, 2021


Microsoft software vulnerabilities are a hot commodity on underground criminal forums. Cybercriminals buy the vulnerabilities to launch attacks.

That’s according to recent Atlas VPN team findings. Cybercriminals sell software vulnerabilities they’ve discovered to one another, increasing their profit and causing more damage along the way.

More than half (51%) of exploits sold on underground cybercriminal forums are for Microsoft products. The increasing number of published Microsoft software vulnerabilities could intensify the impact of cyber crimes, according to Atlas VPN.

William Sword is a cybersecurity writer and researcher at Atlas VPN.

“Exploits for Microsoft products are popular because they have a large user base,” he said. “Most people have Windows operating systems installed on their computers, or they use Microsoft Word and Excel. The more people cybercriminals can affect, the better it is for them.”

Organizations should make sure the devices and software they use are updated to the newest version, Sword said.

“Once the vulnerabilities become public, companies like Microsoft patch them up, but it is essential to download the update for the vulnerability to become insufficient,” he said. “In addition, setting up antivirus software and firewall on your devices and network can help protect against exploits in case some vulnerability was overlooked. Also, it is crucial to educate your employees on security risks. Simulate phishing emails so next time a real phishing email comes, your workers are better prepared. If nobody falls for it, the cyberattack will never trigger.”

Numerous Microsoft Products

Microsoft Office exploits made up 23% of all vulnerabilities sold on underground forums. Attackers send malicious Excel or Word files via phishing emails. Once the victim opens them, the files trigger malware that can steal login credentials and drop ransomware or cryptocurrency miners.

Microsoft Windows exploits accounted for 12% of vulnerabilities sold on hacker forums. By purchasing these exploits, attackers can gain administrative rights on your network or computer.

Microsoft Remote Desktop Protocol (RDP) exploits accounted for 10% of all sales. Unauthorized attackers can use your computer as though they were sitting in front of it.

Internet Explorer (IE) and Microsoft SharePoint each made up 3% of the vulnerabilities sold.

Vulnerabilities Adding Up

As cyberattack volume began increasing, many hackers began searching for new undetected vulnerabilities they could exploit.

The number of published software vulnerabilities in 2015 and 2016 was close to 6,500, according to Atlas VPN. That jumped to 14,644 in 2017, and reached a record-breaking 18,395 last year.

One of the most dangerous exploits in 2017 was CVE-2017-0144, which affected the Windows operating system. Hackers used the vulnerability to deliver WannaCry and Petya/NotPetya ransomware. It resulted in one of the most damaging ransomware outbreaks to date.

In March 2020, another concerning vulnerability was published, CVE-2020-0796. Cybercriminals could abuse this vulnerability in several ways, such as launching a network-based attack, sending malware, or gaining privileges on the target’s system.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
