Demystifying the Exploit Kit


15 Dec. 2015

Exploit kits (EKs) are becoming a key tool of choice for cybercriminals, with the top seven kits responsible for over one million attacks in the UK since January 2015. Despite this, many companies do not understand how exploit kits work or the threats they pose, according to our latest white paper, written in collaboration with CERT UK, the UK National Computer Emergency Response Team. The paper, titled Demystifying the Exploit Kit, identifies and analyses the most prevalent exploit kits currently attacking UK organisations and provides advice on putting in place a defensive plan and mitigation strategy.

Exploit kits are automated toolkits or frameworks designed to fingerprint a victim’s web browser and its plugins, find unpatched vulnerabilities and then exploit them to deliver a malicious payload. Victims are typically directed to the kit in one of two ways: an attacker compromises an existing legitimate website and injects redirection code into it, or embeds the code within online adverts served by advertising networks, a technique known as ‘malvertising’.

While there are at least 30 EKs currently available on the criminal market, our researchers focused on the top seven that pose the biggest threats. AnglerEK is the number one exploit kit with 769,211 attacks this year, holding 74% of the overall ‘market’. The other exploit kits investigated were Nuclear, Fiesta, Rig, Neutrino, Sweet Orange and Magnitude.

“The reason exploit kits continue to remain such a formidable threat is their ability to quickly exploit vulnerabilities that have not been patched,” says the paper. “Adding a malicious payload into an exploit kit is as simple as uploading a file or photo to a social media site. The success of AnglerEK is based on its ability to upload exploits quicker than others, a simple management interface and effective profiling and obfuscation techniques to evade detection.”

“Exploit kits have become a lucrative business for criminals and will remain a serious threat to UK organisations,” said the paper. This white paper is designed to make sure businesses are aware of the threats, so that they can mitigate the risk and have a proper response procedure in place if they are attacked.

Read the full white paper