Demystifying the Exploit Kit
15 Dec. 2015
Exploit kits are automated toolkits or frameworks designed to scan a victim’s web browser, find vulnerabilities and then exploit them to deliver a malicious payload. This is often achieved by an attacker compromising an existing legitimate website or using code embedded within online adverts to deploy the kits, a technique known as ‘malvertising’.
While there are at least 30 EKs currently available in the criminal market, our researchers focused on the top seven that pose the biggest threats. AnglerEK is the number one exploit kit with 769,211 attacks this year, holding 74% of the overall ‘market’. The other exploit kits investigated were Nuclear, Fiesta, Rig, Neutrino, Sweet Orange and Magnitude.
“The reason exploit kits continue to remain such a formidable threat is their ability to quickly exploit vulnerabilities that have not been patched,” says the paper. “Adding a malicious payload into an exploit kit is as simple as uploading a file or photo to a social media site. The success of AnglerEK is based on its ability to upload exploits quicker than others, a simple management interface and effective profiling and obfuscation techniques to evade detection.”
“Exploit kits have become a lucrative business for criminals and will remain a serious threat to UK organisations,” said the paper. This white paper is designed to make sure businesses are aware of the threats so they can mitigate risk and have a proper response procedure in place if they are attacked.