For the third year in a row, cybercriminals employed vulnerabilities in Microsoft products far more so than security flaws in any other technology, new data for 2019 shows.
Eight out of the 10 most exploited vulnerabilities in 2019 in fact impacted Microsoft products. The other two—including the most exploited flaw—involved Adobe Flash Player, the previous top attacker favorite, according to analysis by Recorded Future.
Like it has done for past several years, Recorded Future analyzed data gathered from vulnerability databases and other sources to try and identify the vulnerabilities that were most used in phishing attacks, exploit kits, and remote access Trojans.
The threat intelligence firm considered data on some 12,000 vulnerabilities that were reported and rated through the Common Vulnerabilities and Exposure (CVE) system last year. Vulnerabilities related to nation-state exploits were specifically excluded from the list because such flaws are not typically offered for sale or even mentioned much on underground forums, according to Recorded Future.
The 2019 analysis showed a continued—and unsurprising—preference among cybercriminals for flaws impacting Microsoft software.