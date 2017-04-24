The number of attacks using flaws in software increased by a quarter, to over 702 million attempts last year, according to a new report by Kaspersky Lab.

In 2016, there were 702,026,084 attempts to launch an exploit, up by 24.54 percent on 2015, according to the report which also showed that 347,966 users were attacked with exploits in 2016, 20.85 percent fewer than in the previous year.

It was also found that the number of corporate users encountering an exploit at least once increased 28.35 percent to reach 690,557, or 15.76 per cent of the total number of users attacked with exploits.

Among the applications exploited most often were browsers, the Windows and Android operating systems and Microsoft Office, with 69.8 percent of users encountering an exploit for one of these applications at least once in 2016. More than 297,000 users worldwide were attacked by unknown exploits.

The report said that despite the growing number of attacks featuring exploits, and the growing number of corporate users attacked in this way, the number of private users who encountered an exploit attack in 2016 decreased to just over 20 percent – from 5.4 million in 2015 to 4.3 million in 2016.

Researchers said that a possible reason for this decline could be a reduction in the number of sources for exploits: 2016 saw several big and popular exploit kits (the Neutrino and Angler exploit kits) leave the underground market. This significantly affected the overall exploit threat landscape as many cyber-criminal groups apparently lost their capabilities to spread the malware, said researchers.

Alexander Liskin, security expert at Kaspersky Lab, said that professional cyber-espionage groups still have the budgets and skills to develop and distribute sophisticated exploits.

“The recent leak of malicious tools allegedly used by the Equation Group is an illustration of this. However, this doesn't mean that it is impossible to protect your organisation against exploit-based attacks,” he said.

This article originally appeared at scmagazineuk.com