AlienVault has released a new analysis on the top exploits and threat actors of the first half of 2018, including changes from the respective 2017 reports. The company also announced that Open Threat Exchange, one of AlienVault’s primary data sources for the analysis and the world’s largest open threat intelligence community, has reached 100,000 participants.
Key findings from the analysis include:
- More non-Microsoft exploits are in the top exploits list this year, largely due to a rise in server exploits, particularly from cryptocurrency-mining botnets that use remote exploits, such as those targeting Drupal
- An IoT exploit made the list for the first time
- Lazarus dethroned Fancy Bear (APT 28) as the top reported threat actor
- There has been a resurgence in Chinese attacks targeted at the West
- Three of the groups are based in Russia, two in China and two in Iran
- The report also analyzes trends in threat intelligence collaboration, finding that researchers are increasingly sharing and sourcing threat data through Twitter (it’s now the most common medium)
AlienVault referenced the billions of security events shared within OTX, as well as data from its customers, researchers and other vendors' reports.