Finding secure advantage in the explosion of exploit kit activity
According to the latest Infoblox DNS Threat Index, which measures the creation of malicious Domain Name Service (DNS) infrastructure, just four examples accounted for 96 percent of the total activity in the 'exploit kit' category during the third quarter of 2015.
The exploit kits in the hit parade were Angler, Magnitude, Neutrino and Nuclear.
This represents, quarter on quarter, a 75 percent increase in the creation of malicious domains by cyber-criminals unleashing exploit kits.
Everyone knows, on both sides of the IT security fence, that exploit kits are big news. Attackers love them because they automate the process of committing cyber-crime to a large degree.
Criminal coders love them as they represent a relatively low risk profit maker (why hack when you can, instead, sell the tools to let someone else do it?).
We hate them because they are an enabler for otherwise unskilled criminals who can now rent or buy their way into the malicious attacker fraternity.
Craig Sanderson, senior director at Infoblox, points out that the bad guys need to register domains in order to build the drive-by locations that are popularly used by exploit kits to distribute their malicious payloads, as well as to host the command-and-control servers.
"A recent Angler attack on Mail Online implanted malicious ads on the site for five days," Sanderson says, "potentially exposing millions of online visitors to infection." What's more, exploit kits are constantly evolving in order to take advantage of newly discovered vulnerabilities.
One security expert who spoke to SCMagazineUK.com explained how this explosion in exploit kit activity can be used to help harden your security posture.
Before we get to his revelations though, we asked some other experts just how big a role exploit kits actually play in the overall scheme of cyber-crime.
Andrew Rogoyski, VP cyber security services at CGI UK and chair of the Cyber Security Group of TechUK, is in no doubt that exploit kits "represent a significant threat to any organisation's security because they automate, scale and de-skill much of the attack process."
He told SC that reducing an organisation's vulnerability to exploit kits includes standard recommended practices such as awareness and training through to patching and vulnerability management. "More advanced solutions include sandboxing and behavioural analysis, URL blacklisting and whitelisting, web reputation services, amongst other measures," Rogoyski continued. "Additionally, information sharing initiatives, such as the Government hosted CISP, remain a helpful part of the response."
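The article makes two points a defender can act on: exploit kit operators have to stand up fresh DNS infrastructure (new domains for drive-by landing pages and command-and-control), and blacklisting or reputation services are among the recommended countermeasures. The following added example, which is not code from the article, from Infoblox or from any of the quoted experts, shows the simplest form of that idea applied to an organisation's own resolver logs: build a baseline of domains the estate has queried before a cutoff date, then flag any registrable domain that appears for the first time afterwards, ranked by how many clients resolved it. The log line format, the sample entries and the cutoff date are constructed assumptions; the two-label domain reduction is a deliberate simplification that a real deployment would replace with a Public Suffix List lookup.

```python
"""Newly-observed-domain check over DNS resolver logs.

Added illustration only: not code from the article, from Infoblox or from
the experts it quotes. The log format, field order, sample entries and
cutoff below are constructed assumptions.
"""
from datetime import datetime, timezone

# Constructed sample resolver log: "<ISO timestamp> <client IP> <qtype> <qname>".
# Only reserved example domains are used; nothing here is a real indicator.
SAMPLE_LOG = """\
2015-09-28T08:00:05Z 10.0.0.11 A www.example.com
2015-09-28T08:01:10Z 10.0.0.12 A mail.example.org
2015-09-29T12:30:00Z 10.0.0.13 A cdn.example.com
2015-10-05T09:15:42Z 10.0.0.11 A www.example.com
2015-10-05T09:15:43Z 10.0.0.11 A x9k2f1.landing.example.net
2015-10-05T09:16:01Z 10.0.0.12 A x9k2f1.landing.example.net
2015-10-05T09:17:30Z 10.0.0.14 A q7pl0.landing.example.net
2015-10-05T10:02:11Z 10.0.0.13 A mail.example.org
"""

# Assumed baseline cutoff: everything queried before this is "known".
CUTOFF = datetime(2015, 10, 1, tzinfo=timezone.utc)


def parse_line(line):
    """Split one assumed-format log line into (timestamp, client, qname)."""
    ts_s, client, _qtype, qname = line.split()
    ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, client, qname.lower().rstrip(".")


def registrable_domain(qname):
    """Reduce a hostname to its last two labels.

    Simplification: a production check would consult the Public Suffix List
    so that names under e.g. co.uk are grouped correctly.
    """
    labels = qname.split(".")
    return ".".join(labels[-2:])


def newly_observed_domains(log_text, baseline_cutoff):
    """Return domains first seen at or after the cutoff, busiest first.

    Two passes so the result does not depend on the log being time-ordered:
    pass 1 collects the baseline, pass 2 records anything not in it.
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]

    baseline = {registrable_domain(q) for ts, _c, q in records if ts < baseline_cutoff}

    observed = {}
    for ts, client, qname in records:
        if ts < baseline_cutoff:
            continue
        dom = registrable_domain(qname)
        if dom in baseline:
            continue
        entry = observed.setdefault(
            dom, {"first_seen": ts, "clients": set(), "names": set()}
        )
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["clients"].add(client)
        entry["names"].add(qname)

    results = [
        {
            "domain": dom,
            "first_seen": e["first_seen"].isoformat(),
            "client_count": len(e["clients"]),
            "hostnames": sorted(e["names"]),
        }
        for dom, e in observed.items()
    ]
    # Many distinct clients resolving a brand-new domain is the pattern
    # worth a human look; rank by that, then by name for stable output.
    results.sort(key=lambda r: (-r["client_count"], r["domain"]))
    return results


if __name__ == "__main__":
    for r in newly_observed_domains(SAMPLE_LOG, CUTOFF):
        print(f'{r["domain"]}: first seen {r["first_seen"]}, '
              f'{r["client_count"]} client(s), names={r["hostnames"]}')
```

On the constructed log, example.com and example.org are in the baseline, so only example.net is reported, first seen on 5 October and resolved by three separate clients under two randomised-looking hostnames. A newly observed domain is a triage signal rather than a verdict: cross-checking it against a reputation feed or a blocklist, as the article's experts suggest, is what turns the flag into a decision.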