Casa > cibernético Notícias > Exploit Kit Attacks Grow in 2015 Q3, O Patch Management é Crucial
CYBER NEWS

Exploit Ataques Kit Crescer em 2015 Q3, O Patch Management é Crucial

A intensidade de ataques maliciosos que aplicaram kits de exploração (EK) aumentou nos últimos dois anos. De fato, dando uma olhada no terceiro trimestre de 2015, one will notice at once that the exploitation of exploit kits has escalated seemingly. As many researchers have pointed out, the downfall of the infamous Blackhole EK em outubro 2013 has brought other exploit kits into the light.

Exploit Kits Threat Landscape

Exploit kits are typically used in malicious operations known as drive-by downloads. Once such a download takes place, the user is redirected to an attacker’s website hosting an EK.

Impressão
image Source: TrendMicro

The growth in intensity and effectiveness of EK attacks is due to the successful creation of criminal DNS infrastructure. The latter has jumped to 75% in the last quarter of 2015, in comparison with the third quarter of 2014. The statistics are part of a vast research by Infoblox.

Why should we care? Exploit kits are malware that represents automated attacks and should be of great concern to both security geeks and users. Exploit kits are definitely crafted by cyber criminals with sophisticated skills. They can be described as packages for delivering a particular payload (por exemplo ransomware) that are up for sale or rent. The way the different types of malicious software are being distributed on underground forums (malwares-as-a-service) is quite alarming. Praticamente, any cyber crook, even those with little technical knowledge, can go after individuals, enterprises and public organizations.

Most of the EK activity is traced back to four well-known exploit pieces:

  • Angler Exploit Kit;
  • Magnitude EK;
  • Neutrino EK;
  • Nuclear EK.

The four of them have been used in 96% of all exploit kit activity in the last three months of 2015.

Angler Exploit Kit

Research indicates that Angler has first appeared on the malware horizon in the end of 2013. Desde a sua primeira aparição, Angler has grown in popularity and maliciousness. It is considered one of the most aggressive exploit kits in the wild that successfully evades detection and has various components. It’s for sure one of the most prevalent exploit tools out there. Por exemplo, researchers at Sophos had reported a large number of Angler-infected landing pages in the spring of 2015.

Here’s a graph that represents Angler’s activity through recent years:

angler-exploit-kit-graph-sophos-STF
image Source: Sophos

Read more about Angler EK:
Explorar:HTML/Axpergle.N – Angler Exploit Kit Component
Hundreds of GoDaddy Domains Exposed to Angler

Magnitude EK

The magnitude exploit package became famous in October 2013 when it was applied in an attack on visitors to PHP.net. Tipicamente, visitors were redirected to the kit with the help of a compromised JavaScript file. Mais tarde, Magnitude made the headlines once again when it became public that it was used in a malvertising attack on Yahoo. The crooks bought ad space on Yahoo and then used the advertisements to link visitors to malicious domains hosting Magnitude. The kit is well-known to exploit vulnerabilities in Java and Flash.

Read More about Magnitude EK:
CryptoWall and Magnitude EK

Neutrino EK

Neutrino was recently reported to attack websites using the the eBay’s Magento commerce platform. Google has blocked thousands of website (mais que 8000) that were associated with the Neutrino attack. Researchers warn that users running vulnerable, unpatched versions of Flash can become victims by being infected with Neutrino’s malicious payload. The attack’s payloads are most likely Andromeda and Gamarue malware.

Read More about Neutrino-related malware:
Remover BKDR_KASIDET.FD a.k.a. Backdoor.Neutrino

Nuclear EK

The Nuclear pack is defined as one of the most widely-spread exploit kits out there that first appeared in 2009. The kit is quite effective, being capable of carrying out a number of malicious activities such as Flash, Silverlight, PDF, and Internet Explorer exploits, to dropping payloads of advanced malware and ransomware.

Read More about Nuclear EK:
Crowti Ransomware distributed via EKs

Exploit Kits can bring forth a variety of threats

Because of their many-sided character, EKs are often used as a vehicle to perform zero-day attacks and take advantage of software vulnerabilities. They are also often used in data exfiltration operations. Many businesses have been affected not only by the EKs listed in this article but by many others.
exploit-kits
image Source: Sophos

How to stay protected against Exploit Kits

What everybody should keep in mind is that most EK attacks are initiated via spam email campaigns and compromised websites. They can also be embedded in online ads. Millions of users can become victims of EKs, crimeware and their malicious payloads. The question is how to stay protected against them.

Being protected against exploit attacks definitely requires the right set of tools and knowledge. Regular patching is badly needed, começar com. Endpoint protection with an integrated patch management is a must for organizations. The good news is that even exploits designed to evade AV detection can be nullified when the targeted systems are thoroughly patched.

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...