Over the past months, cybercriminals have been working hard to improve exploit kits’ performance and take advantage of the security vulnerabilities they come across. For that reason, the level at which exploit kits currently operate is rather disturbing.
Dell and its subsidiary SonicWall have around 1 million security sensors altogether in over 200 countries and territories. The two have combined the data collected from those sensors with shared threat intelligence from more than 50 industry collaboration groups and research organizations to compile the 2015 Dell Security Annual Report.
Last year, Dell and SonicWall blocked 2.17 trillion intrusion prevention system attacks and 8.19 billion malware attacks. The pair saw a 73 per cent increase in unique malware samples compared to 2014.
Among the most interesting things Dell and SonicWall observed was the efficiency of exploit kits: pre-packaged software that infiltrates computers and servers by taking advantage of vulnerabilities automatically.
Unfortunately, hackers have various choices when it comes to exploit kits. Numerous kits can be found on the black market, some of which can even adapt themselves to exploit zero-day vulnerabilities. One exploit kit can earn its developer up to $50,000 per day, and some have been created to be sold as software-as-a-service.
The report shows that the most popular exploit kits used in 2015 were:
- Angler: Easily used by attackers with little technical knowledge. A versatile kit that has been used to spread a wide range of malware, including ransomware.
- Nuclear: Can be deployed in a variety of ways and was known to be able to exploit a vulnerability in Adobe Flash Player.
- Magnitude: Linked to attacks against PHP.net and Yahoo.
- Rig: Recently implicated in the distribution of various ransomware, including Cryptowall and other Cryptolocker variants.
Together, Dell and SonicWall identified a few trends emerging in the exploit kit space and noticed that these software packages are becoming smarter, using anti-forensic and other advanced methods to evade detection by security systems.
For instance, the Spartan exploit kit was able to avoid detection by encrypting its initial code and generating its exploit code in RAM, never writing it to the hard disk of the targeted computer or server. Nuclear, meanwhile, used URL pattern changes to confuse antivirus software and firewalls.
“It was also common for kits to check for antivirus software or virtual environments, such as VMware or VirtualBox, and to modify their code accordingly for higher success rates,” Dell and SonicWall wrote in the report.
The main question here is: how can you or your organization protect yourselves against exploit kits?
To answer this question, you must understand that an exploit kit attack can only wreak havoc on your device under certain conditions: either you’ve visited or been redirected to a website that is hosting an exploit kit, or your device doesn’t have the latest patches that close the vulnerabilities being exploited.
“So to evade attacks from exploit kits, a user would need to avoid providing at least one (and preferably both) of these ‘openings’ for attack,” writes a security vendor’s blog.
“There are various steps you can take when surfing online to avoid encountering exploit kits. For example, website security rating services help users avoid known malicious or compromised websites, while script blocking software and antivirus programs prevent malware from redirecting the browser to an unsolicited site.”
“More concretely, users can render exploits pointless by removing their intended target and closing the flaw in a vulnerable program with a security patch issued by the program’s vendor. Users are strongly urged to install security patches for any software installed on their computers or devices as soon as they are released.”