This malicious payload can be ransomware like Cryptolocker or Cryptowall. It could also be malware that may attempt to steal sensitive data such as regulated data, personally identifiable information (PII) or intellectual property.
Cryptowall 3.0 ransomware operators typically use the Angler exploit kit to launch attacks and, in recent campaigns, have raked in about S$459 million in ransom, mostly through Bitcoin payments.
Ensuring that end users are sufficiently trained in security best practices and policies is key to preventing exposure.
5. There are many of them.
If you thought the Angler exploit kit was the only one we need to worry about, think again. While Angler may be the most sophisticated and popular exploit kit, Neutrino, Nuclear and Magnitude follow closely on the heels of Angler as the favourites of cybercriminals.
Angler is notorious for pioneering the "domain shadowing" technique and for slipping malicious URLs into legitimate ad networks, infecting visitors to websites that are generally considered safe.
Magnitude is different from other exploit kits in that it uses a traffic-sharing model, where instead of renting the kit, cybercriminals need to share a portion of the traffic related to their campaigns with the exploit kit administrators. The administrators then use this traffic to carry out their own malicious activities.
Most exploit kits use a similar method of infection but vary in the type of vulnerabilities they take advantage of and the tricks they use to defeat antivirus defences.
So what can you do about exploit kits?
Protecting users, data and applications can be achieved by ensuring that your network architecture is robust and secure enough to address these threats not just in one stage of the exploit, but across the entire kill chain. Organisations should not just invest in perimeter protection, as the perimeter gets more ambiguous as the workforce becomes distributed and mobile, but also incorporate defence-in-depth strategies that span across the network and security layers. Exploit kits, command and control malware, phishing and other threats use DNS as their backbone. Having security built into the DNS infrastructure and sharing threat data between network and security solutions can provide an effective mitigation technique.
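The domain shadowing mentioned above plants many throwaway subdomains under legitimate registered domains, so DNS query logs are one place a defender can look for it. The following is an added example, not code from the article or any vendor: it scans constructed resolver log lines (the three-column format is an assumption) and flags registered domains that suddenly carry several distinct, machine-looking leftmost labels. The two-label domain split and the label regex are simplifications; a real deployment would use the Public Suffix List and a tuned threshold.

```python
import re
from collections import defaultdict

# Constructed resolver log lines: "<timestamp> <client-ip> <queried-name>".
# The format is an assumption for this example, not any product's log format.
SAMPLE_LOG = """\
2015-06-01T10:00:01Z 10.0.0.5 www.example-news.test.
2015-06-01T10:00:02Z 10.0.0.5 cdn.example-news.test.
2015-06-01T10:00:03Z 10.0.0.7 k8s3vq2t.legit-blog.test.
2015-06-01T10:00:04Z 10.0.0.7 xj29ppd1.legit-blog.test.
2015-06-01T10:00:05Z 10.0.0.9 mm0q7zl4.legit-blog.test.
2015-06-01T10:00:06Z 10.0.0.9 r51ytb8c.legit-blog.test.
2015-06-01T10:00:07Z 10.0.0.9 z6d0wqa9.legit-blog.test.
2015-06-01T10:00:08Z 10.0.0.5 mail.example-news.test.
"""

# Heuristic (assumption): a leftmost label of 8+ alphanumerics containing at
# least one digit looks machine-generated rather than human-chosen.
LABEL_LOOKS_GENERATED = re.compile(r"^(?=.*\d)[a-z0-9]{8,}$")


def registrable_domain(qname):
    """Crude two-label approximation of the registered domain (assumption;
    a real deployment would consult the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def shadowing_candidates(log_text, min_labels=3):
    """Return {registered_domain: sorted labels} for domains that show at
    least `min_labels` distinct machine-looking leftmost labels."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or blank lines
        domain, sub = registrable_domain(parts[2])
        if sub and LABEL_LOOKS_GENERATED.match(sub[0]):
            seen[domain].add(sub[0])
    return {d: sorted(s) for d, s in seen.items() if len(s) >= min_labels}


if __name__ == "__main__":
    for domain, labels in shadowing_candidates(SAMPLE_LOG).items():
        print(f"{domain}: {len(labels)} generated-looking subdomains, e.g. {labels[:3]}")
```

In the constructed sample only legit-blog.test is reported; the ordinary www/cdn/mail labels of example-news.test do not trigger the heuristic.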