SAN FRANCISCO – According to the recent Atlas VPN team findings, 51 percent of exploits sold on underground cybercriminal forums are for Microsoft products. The constantly growing number of published vulnerabilities could mean that the impact of cyberattacks will increase as well.

The numbers are based on Trend Micro Research about the rise and imminent fall of the n-day exploit market in the cybercriminal underground. The study was conducted for two years, from January 2019 to December 2020.

<div class=”infogram-embed” data-id=”02b0055f-59ef-4a11-af97-4e2475bc44c1″ data-type=”interactive” data-title=”51% of exploits sold on underground forums are Microsoft products”></div><script>!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);</script>

Microsoft Office exploits made up 23 percent of all vulnerabilities sold on underground forums. Cybercriminals find such exploits appealing as most of them work in every version of Word. Malicious Excel or Word files are sent out via phishing emails. Once the victim opens it, the file triggers malware which can steal login credentials, drop ransomware, or cryptocurrency miners.

Microsoft Windows exploits accounted for 12 percent of vulnerabilities sold on hacker forums. By purchasing Windows exploits, attackers can gain access to admin rights of your network or computer. With access to a network or a computer, hackers can spread the malware further and gain sensitive information.

Microsoft Remote Desktop Protocol (RDP) exploits counted for 10 percent of all sales. Unauthorized attackers who take control of this vulnerability can use your computer as though they would be sitting in front of it. What makes things worse is that RDP vulnerabilities can travel from one computer to another once there is a single infection.

Internet Explorer (IE) and Microsoft SharePoint each made up 3 percent of the vulnerabilities sold. A hacker who seeks to exploit IE vulnerability hosts a website designed to do so and then tricks the victims into visiting the site.

Successful exploitation of the SharePoint vulnerability would allow an attacker to carry out security actions in the context of the service account of the SharePoint web application.

A growing number of vulnerabilities

As cyberattack volume has been increasing, many hackers started to search for new undetected vulnerabilities they could exploit. New exploits mean new techniques cybercriminals can employ to launch threats.

The number of published software vulnerabilities in 2015 and 2016 were close to 6,500. At this time, one of the more used exploits was CVE-2015-1641 found in Microsoft Office software. An attacker who successfully abused this vulnerability could run any command on the target system he chooses.

In 2017, published vulnerabilities doubled in numbers reaching new heights of 14,644. One of the most dangerous exploits this year was CVE-2017-0144, which affected the Windows operating system. Hackers used the vulnerability to deliver WannaCry, Petya/NotPetya ransomware, resulting in one of the most damaging ransomware outbreaks to date.

Over the following years, published software vulnerabilities have continued to increase steadily. Last year, in 2020, a record-breaking 18,395 exploits were reported.

In March 2020, another concerning vulnerability was published — CVE-2020-0796. The flaw affects Windows 10 and Windows Server installations. CVE-2020-0796 could be abused in several ways, such as hackers launching a network-based attack, sending malware, or gaining privileges to the targets system.

In 2017, published vulnerabilities doubled in numbers reaching new heights of 14,644. One of the most dangerous exploits this year was CVE-2017-0144, which affected the Windows operating system. Hackers used the vulnerability to deliver WannaCry, Petya/NotPetya ransomware, resulting in one of the most damaging ransomware outbreaks to date.

Over the following years, published software vulnerabilities have continued to increase steadily. Last year, in 2020, a record-breaking 18,395 exploits were reported.

In March 2020, another concerning vulnerability was published — CVE-2020-0796. The flaw affects Windows 10 and Windows Server installations. CVE-2020-0796 could be abused in several ways, such as hackers launching a network-based attack, sending malware, or