The Malwarebytes ‘Cybercrime tactics and techniques – 2016 Wrapup’ gives special mention to the rise in the availability, use, and complexity of exploit kits. Many people have not heard of them, so I thought I would make a post.

To understand what an exploit kit is, you first need to understand what an exploit is. There are many vulnerabilities in software. Some are in applications and some are in the operating system. When a cyber-attack is successfully mounted against one of those vulnerabilities, the vulnerability is said to have been exploited. The attack itself is called an exploit.

In a basic cyber-attack, information is gathered about the servers and other nodes in the network. This is called ‘enumeration.’ Using this information, a database of potential vulnerabilities can be queried. The idea is then to try exploits against each possible vulnerability, knowing that some may not have been patched.

In the early days of cyberspace, it took a great deal of skill to develop and deliver an exploit. But, like anything else, the process has been automated into what is called an ‘exploit kit.’ There are many different exploit kits available for purchase or rental.

Some exploit kits even have user-friendly web-based administrative interfaces, where various options may be turned on or off. The level of skill needed to run many exploit kits is fairly low. They are a lovely study in usability for cyber-crime.

Exploit kits initially infect networks or home systems through the common channels – e-mail attachment, macro, insecure application, and Web XSS. These are common vectors for malware, so the same methods used to protect against malware may be used to protect against exploit kits.
- Always maintain backups and air-gap them.
- Keep your OS and apps patched as patches are released. Don’t put it off.
- Always have good anti-virus, anti-adware and firewall deployed and current.
- Always use a least-privilege account.
- Do not open email attachments unless you are absolutely sure what is in them and where they came from.
Here are some good references:
- Web exploits – A bright Future Ahead
- Tools of the Trade: Exploit Kits
- Ultimate Guide to Angler Exploit Kit
- Exploit Kit – Wikipedia