Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications (such as Adobe Flash, Java, Silverlight etc) for the purpose of spreading malware. These kits contain code which targets users running insecure or outdated software applications on their computers. Attackers behind the exploit kits are just tweaking code, these days, and finding fresh software exploits to target. Some, of the well known exploit kits on the rise are :
1) RIG Exploit kit
This exploit kit continues to drop various ransomware payloads such as CryptoShield, Cerber and Locky. Attackers who use RIG exploit kit typically inject a malicious script into compromised websites. When the compromised site is accessed, the malicious script, which is usually obfuscated, loads the exploit. Recently, RIG exploit kit was primarily used as an exploit for the Adobe Flash vulnerability CVE-2015-8651 that executes a JavaScript file, which then downloads an encrypted PE file
2) Sundawn Exploit kit
Attackers behind Sundown exploit kit are making changes related to URI changes and incorporating new techniques such as steganography. This exploit kit uses .xyz domains as the primary choice for hosting landing pages and registering domains with many other generic top-level domains in the name of well-known organizations.
3) Magnitude Exploit kit
Magnitude’s modus operandi includes distribution via malicious ads distributed via popup and pop-under ad networks attempting to install the Cerber ransomware.
4) Terror Exploit kit
Rig and Terror have been tracked delivering a wide variety of threats, from ransomware and banking Trojans to spambots and BitCoin miners. It is more customized and its target is much more defined.
5) GongDa and KaiXin
GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. KaiXin attempts to determine the use of security products on the targeted PC’s filesystem before continuing execution. The KaiXin campaign offers exploits for Java, Flash, and Silverlight and if successful installs various Chinese adware packages.
1) RIG Exploit kit
This exploit kit continues to drop various ransomware payloads such as CryptoShield, Cerber and Locky. Attackers who use RIG exploit kit typically inject a malicious script into compromised websites. When the compromised site is accessed, the malicious script, which is usually obfuscated, loads the exploit. Recently, RIG exploit kit was primarily used as an exploit for the Adobe Flash vulnerability CVE-2015-8651 that executes a JavaScript file, which then downloads an encrypted PE file
2) Sundawn Exploit kit
Attackers behind Sundown exploit kit are making changes related to URI changes and incorporating new techniques such as steganography. This exploit kit uses .xyz domains as the primary choice for hosting landing pages and registering domains with many other generic top-level domains in the name of well-known organizations.
3) Magnitude Exploit kit
Magnitude’s modus operandi includes distribution via malicious ads distributed via popup and pop-under ad networks attempting to install the Cerber ransomware.
4) Terror Exploit kit
Rig and Terror have been tracked delivering a wide variety of threats, from ransomware and banking Trojans to spambots and BitCoin miners. It is more customized and its target is much more defined.
5) GongDa and KaiXin
GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. KaiXin attempts to determine the use of security products on the targeted PC’s filesystem before continuing execution. The KaiXin campaign offers exploits for Java, Flash, and Silverlight and if successful installs various Chinese adware packages.
No comments:
Post a Comment