
Cyber crime: Exploit kits in the enterprise

Cyber crime is big business and exploit kits represent one of the most critical security challenges facing the enterprise today...

Exploit kits are particularly prevalent at the moment in the UK. They are largely responsible for the 600 per cent increase in the use of malicious web links as an attack vector, according to recent research by security vendor Websense.

The growing adoption of exploit kits within the cyber criminal fraternity is impacting upon the enterprise in terms of the probability that data will be stolen and productivity will be lost. "Combining exploit kits, custom encryption to evade AV detection with the acceleration of new attack techniques, emerging zero-day vulnerabilities and the fact that exploit kits are underground (consumer based products designed to support rapid updates), it is likely that even perfect patch management will still leave windows of exposure with some of the advantage going to cybercrime," according to Elad Sharf, lead senior security researcher at Websense.

But why, then, are exploit kits so popular? That's a simple one to answer: they make hacking easy. "It's the difference between having to understand Internet Protocol and code used to put up a website back in the early 1990s compared with pointing and clicking to post to Facebook today," as Kevin O'Reilly, lead security consultant with the assurance team at Context Information Security, puts it.

"The posting of exploit kits on the Internet is like handing out grenade launchers to vandals," O'Reilly explains, adding "criminals with minimal technical skills can buy a point-and-click kit to create takeover software." The resulting software can then be uploaded to an automatically cloned copy of a legitimate website, and the kit can even handle emailing the malicious links to targeted victims in your enterprise.

Exploit kits unplugged

An exploit kit is simply a cyber crime tool that is sold as an off-the-shelf product bundle usable without the kind of technical hacking skills required in days past. But what does this bundle actually contain? IT Pro asked Wolfgang Kandek, CTO at on-demand vulnerability management and policy compliance solution provider Qualys, for the component breakdown of a typical exploit kit:

1. Coded exploits for vulnerabilities in browsers and plug-ins.

2. A web admin console, showing results such as how many machines are infected, in what countries, using what browsers and detailing the best exploits and campaigns in terms of breach success.

3. A database to store all relevant data.  

4. The 'include' files to be hosted on a web server, which can then be implemented by the sites that will be used to infect their visitors.

5. The sites that will be used to infect visitors, either set up specifically for that purpose to attract traffic by convincing search engines to link to them (using Search Engine Poisoning techniques) or, more commonly, sites that were hacked by the attacker. A current example is the site iphonedevsdk.com, which was involved in the attacks on Apple, Facebook and Twitter. It notes: "A single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site". The JavaScript 'inject' mentioned by iphonedevsdk is one of the 'include' files provided by the exploit pack.
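A defender-side check for the injected 'include' described in item 5, added here as an example that is not from the article or from any of the vendors quoted: it compares the script tags in a page as currently served against a known-good copy of the same page and reports any external script source or inline script body that was not in the baseline. The sample HTML and the hostname `exploit-host.invalid` are constructed for the example.

```python
"""Flag script tags in a served page that are absent from a known-good baseline."""
from html.parser import HTMLParser
import hashlib


class ScriptCollector(HTMLParser):
    """Collects external script src values and SHA-256 digests of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = set()   # values of <script src="...">
        self.inline = set()     # sha256 of each inline <script> body
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:          # HTMLParser hands script text to handle_data as CDATA
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf).strip().encode()
            self.inline.add(hashlib.sha256(body).hexdigest())


def collect_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    return parser.external, parser.inline


def unexpected_scripts(baseline_html, served_html):
    """Return (new external srcs, new inline digests) present in served_html but not in the baseline."""
    base_ext, base_inl = collect_scripts(baseline_html)
    cur_ext, cur_inl = collect_scripts(served_html)
    return sorted(cur_ext - base_ext), sorted(cur_inl - base_inl)


# Constructed sample: the site's known-good template and a copy carrying an injected include.
BASELINE = '<html><head><script src="/js/theme.js"></script></head><body><p>hi</p></body></html>'
SERVED = ('<html><head><script src="/js/theme.js"></script>'
          '<script src="http://exploit-host.invalid/inc.js"></script></head>'
          '<body><p>hi</p><script>document.write("x")</script></body></html>')

if __name__ == "__main__":
    print(unexpected_scripts(BASELINE, SERVED))
```

Run against periodic fetches of your own site's key pages, the check catches the theme-level JavaScript injection described above even when the rest of the page is unchanged.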
