Friday, March 10, 2017

What are ‘exploit kits’ and why should you fear them?

The Malwarebytes ‘Cybercrime tactics and techniques – 2016 Wrapup’ gives special mention to the rise in the availability, use, and complexity of exploit kits.  Many people have not heard of them so I thought I would make a post.

To understand what an exploit kit is, you first need to understand what an exploit is. Software has many vulnerabilities: some are in applications and some are in the operating system. When a cyber-attack is successfully mounted against one of those vulnerabilities, the vulnerability is said to have been exploited, and the attack itself is called an exploit.

In a basic cyber-attack, the attacker first gathers information about the servers and other nodes on the network; this is called ‘enumeration.’ That information is then used to query a database of known vulnerabilities, and the attacker tries the matching exploits against each candidate vulnerability, counting on some of them not having been patched.

In the early days of cyberspace, it took a great deal of skill to develop and deliver an exploit. But, like anything else, the process has been automated into what is called an ‘exploit kit.’ Many different exploit kits are available for purchase or rental.

Some exploit kits even have user-friendly, web-based administrative interfaces where various options can be turned on or off. The level of skill needed to run many exploit kits is fairly low. They are a lovely study in usability for cyber-crime.

Exploit kits initially infect networks or home systems through the common channels: e-mail attachments, macros, insecure applications, and web XSS. These are the same vectors malware uses, so the same defenses that protect against malware also protect against exploit kits.

• Always maintain backups and air-gap them.
• Keep your OS and applications patched as patches are released. Don’t put it off.
• Always have good anti-virus, anti-adware, and firewall software deployed and kept current.
• Always use a least-privilege account.
• Do not open e-mail attachments unless you are absolutely sure what is in them and where they came from.

Here are some good references:
