In 2017, exploit kit development declined 62 per cent, with only a few kits including AKBuilder, Disdain and Terror showing significant activity, according to a study by threat intel firm Recorded Future.
In contrast to previous years, criminal exploit kits and phishing campaigns favoured Microsoft products in 2017, rather than Adobe Flash vulnerabilities.
Exploiting Java and Adobe Flash flaws to push malware after tricking surfers into visiting booby-trapped websites has been the staple of so-called drive-by hacking attacks for years.
Java vulnerabilities dropped steadily between 2013 and 2016, prompting cybercriminals to switch over to Adobe Flash.
Now that route has also been throttled.
"The observed drop in exploit kit activity overlaps with the rapid decline of Flash Player usage," said Scott Donnelly, VP of technical solutions at Recorded Future.