Cyber crime: Exploit kits in the enterprise
Cyber crime is big business and exploit kits represent one of the most critical security challenges facing the enterprise today...
Exploit kits are particularly prevalent at the moment in the UK. They are largely responsible for the 600 per cent increase in the use of malicious web links as an attack vector, according to recent research by security vendor Websense.
The growing adoption of exploit kits within the cyber criminal fraternity is impacting upon the enterprise in terms of the probability that data will be stolen and productivity will be lost. "Combining exploit kits, custom encryption to evade AV detection with the acceleration of new attack techniques, emerging zero-day vulnerabilities and the fact that exploit kits are underground (consumer based products designed to support rapid updates), it is likely that even perfect patch management will still leave windows of exposure with some of the advantage going to cybercrime," according to Elad Sharf, lead senior security researcher at Websense.
But why, then, are exploit kits so popular? That's a simple one to answer: they make hacking easy. "It's the difference between having to understand Internet Protocol and code used to put up a website back in the early 1990's compared with pointing and clicking to post to Facebook today," Kevin O'Reilly, lead security consultant with the assurance team at Context Information Security, puts it.
"The posting of exploit kits on the Internet is like handing out grenade launchers to vandals" O'Reilly explains, adding "criminals with minimal technical skills can buy a point-and-click kit to create takeover software." This can then be uploaded to an automatically cloned copy of a legitimate website and even handle the emailing of the malicious links to targeted victims in your enterprise.
Exploit kits unplugged
An exploit kit is simply a cyber crime tool that is sold as an off-the-shelf product bundle usable without the kind of technical hacking skills required in days past. But what does this bundle actually contain? IT Pro asked Wolfgang Kandek, CTO at on-demand vulnerability management and policy compliance solution provider Qualys, for the component breakdown of a typical exploit kit:
1. Coded exploits for vulnerabilities in browsers and plug-ins.
2. A web admin console, showing results such as how many machines are infected, in what countries, using what browsers and detailing the best exploits and campaigns in terms of breach success.
3. A database to store all relevant data.
4. The include' of files to be hosted on a web server which can then be implemented by the sites that will be used to infect their visitors.
In This Article
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now