Exploit kit activity poses a major threat to outdated software worldwide

Analyzing monthly exploit kit encounters in 2016, Microsoft has said that exploit kits pose a major threat to PCs running unpatched software. The past year saw attackers using exploit kits to deliver some of the most prominent threats to victims' PCs, from malvertising to ransomware.

Exploit kit

Once it runs, an exploit kit collects information about the victim's PC, identifies vulnerable software, selects the matching exploit and delivers it; the exploit typically performs a silent drive-by download that executes malware files.

Exploit Kits continue to evolve

Exploit kits have been in use for more than a decade, and it should come as no surprise that kits still include exploits for vulnerabilities that were patched years ago: a significant population of machines remains unpatched.

Another factor behind the ever-growing use of exploit kits is that they are easily obtained on underground cybercriminal markets, whose operators continuously integrate new exploits in order to reach more vulnerable PCs.

The first half of 2016 saw a major upsurge in exploit kit infections, with Axpergle (also known as the Angler exploit kit) infecting around 100,000 machines monthly. This kit delivers 32- and 64-bit versions of Bedep, a backdoor that in turn downloads more complex and more dangerous malware, such as the information stealers Ursnif and Fareit.

Axpergle eventually died out after the arrest of 50 hackers in Russia (see the image below), but cybercriminals turned to other alternatives.

The Neutrino exploit kit took over where Axpergle left off and was equally devastating until September 2016, after which it went "private", catering only to select cybercriminal groups.

Then came Meadgive (also known as the RIG exploit kit), which has primarily used an exploit for the Adobe Flash vulnerability CVE-2015-8651; the exploit executes a JavaScript file, which then downloads an encrypted PE file. Although its volumes were low, Meadgive dominated the latter half of 2016.

Which countries are most affected by exploit kits?

Exploit kits were so widespread that they were encountered in more than 200 countries in 2016. Here is a list of the most affected countries, with the US the most targeted.

  1. United States
  2. Canada
  3. Japan
  4. United Kingdom
  5. France
  6. Italy
  7. Germany
  8. Taiwan
  9. Spain
  10. Republic of Korea

Ransomware distributed via Exploit kits

With exploit kits finding success, it was only a matter of time before attackers used them to spread ransomware. In December 2016, Microsoft found evidence of new Cerber ransomware versions being delivered through a Meadgive exploit kit campaign.

Microsoft further states on the TechNet blog:

“Neutrino, which temporarily dominated in 2016, is associated with another prominent ransomware family. Like Cerber, Locky also uses both exploit kits and spam email as vectors. With the decreased activity from Neutrino, we’re seeing Locky being distributed more and more through spam campaigns”.

Here is a list of targeted products that have been on exploit kits' radar:

Major exploits used by exploit kits

| Exploit | Targeted product | Exploit kit | Date patched | Date first seen in exploit kit |
|---|---|---|---|---|
| CVE-2014-6332 | Microsoft Internet Explorer (OLE) | NeutrinoEK | November 11, 2014 (MS14-064) | November 19, 2014 |
| CVE-2015-8651 | Adobe Flash | Axpergle, NeutrinoEK, Meadgive, SteganoEK | December 28, 2015 (APSB16-01) | December 28, 2015 |
| CVE-2016-0189 | Microsoft Internet Explorer | NeutrinoEK | May 10, 2016 (MS16-051) | July 14, 2016 |
| CVE-2016-1019 | Adobe Flash | Pangimop, NeutrinoEK | April 7, 2016 (APSB16-10) | April 2, 2016 (zero-day) |
| CVE-2016-4117 | Adobe Flash | NeutrinoEK | May 12, 2016 (APSB16-15) | May 21, 2016 |
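The defensive point of the table is the gap between a vendor patch and the day an exploit kit starts using the bug. As an added example (not code from the article or from Microsoft), the Python below transcribes the table's rows into a data structure, computes that gap for each CVE, and shows which of these exploits a fleet that deploys patches on a fixed cycle would still have been exposed to. The row data comes from the table above; the two-week classification threshold and the 7/30/90-day patch cycles are assumptions chosen for illustration.

```python
from datetime import date, timedelta
from typing import Dict, List, NamedTuple, Tuple


class ExploitRow(NamedTuple):
    cve: str
    product: str
    kits: Tuple[str, ...]
    bulletin: str
    patched: date      # vendor patch date
    first_seen: date   # first observed use in an exploit kit


# Rows transcribed from the article's table (constructed data structure, not Microsoft's).
EXPLOIT_TABLE: List[ExploitRow] = [
    ExploitRow("CVE-2014-6332", "Microsoft Internet Explorer (OLE)", ("NeutrinoEK",),
               "MS14-064", date(2014, 11, 11), date(2014, 11, 19)),
    ExploitRow("CVE-2015-8651", "Adobe Flash", ("Axpergle", "NeutrinoEK", "Meadgive", "SteganoEK"),
               "APSB16-01", date(2015, 12, 28), date(2015, 12, 28)),
    ExploitRow("CVE-2016-0189", "Microsoft Internet Explorer", ("NeutrinoEK",),
               "MS16-051", date(2016, 5, 10), date(2016, 7, 14)),
    ExploitRow("CVE-2016-1019", "Adobe Flash", ("Pangimop", "NeutrinoEK"),
               "APSB16-10", date(2016, 4, 7), date(2016, 4, 2)),
    ExploitRow("CVE-2016-4117", "Adobe Flash", ("NeutrinoEK",),
               "APSB16-15", date(2016, 5, 12), date(2016, 5, 21)),
]


def gap_days(row: ExploitRow) -> int:
    """Days from vendor patch to first exploit-kit use. Negative means the
    kit used the bug before a patch existed (the table's 'zero-day' case)."""
    return (row.first_seen - row.patched).days


def classify(gap: int) -> str:
    """Bucket the gap; the 14-day threshold is an assumed illustration value."""
    if gap < 0:
        return "zero-day"
    if gap <= 14:
        return "weaponized within two weeks of the patch"
    return "weaponized more than two weeks after the patch"


def gap_report(table: List[ExploitRow] = EXPLOIT_TABLE) -> Dict[str, Tuple[int, str]]:
    """Map each CVE to (gap in days, classification)."""
    return {row.cve: (gap_days(row), classify(gap_days(row))) for row in table}


def exposed_cves(patch_lag_days: int, table: List[ExploitRow] = EXPLOIT_TABLE) -> List[str]:
    """CVEs for which a fleet that installs patches `patch_lag_days` after
    release was still unpatched when an exploit kit first picked the bug up,
    i.e. first_seen <= patched + lag. Zero-days are always in this list."""
    return [row.cve for row in table
            if row.first_seen <= row.patched + timedelta(days=patch_lag_days)]


def kits_by_count(table: List[ExploitRow] = EXPLOIT_TABLE) -> Dict[str, int]:
    """How many of the listed exploits each kit carried."""
    counts: Dict[str, int] = {}
    for row in table:
        for kit in row.kits:
            counts[kit] = counts.get(kit, 0) + 1
    return counts


if __name__ == "__main__":
    for cve, (gap, label) in gap_report().items():
        print(f"{cve}: {gap:+d} days ({label})")
    for lag in (7, 30, 90):  # assumed patch cycles for illustration
        print(f"{lag}-day patch cycle still exposed to: {exposed_cves(lag)}")
    print(kits_by_count())
```

Two things fall out of the numbers: CVE-2015-8651 was in kits the same day Adobe shipped the fix and CVE-2016-1019 five days before, so no patch cadence protects against those two, while a 30-day cycle would have closed every other exploit in the table except CVE-2016-0189. The table also shows NeutrinoEK carrying every listed exploit, which is consistent with the article's account of its prominence in 2016.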

How to stay safe from Exploit Kits

To prevent or minimize the impact of exploit kits, keep browsers and other software up to date. Do not install software from unknown sources, and avoid clicking on links in emails that look unfamiliar.


Ankit Gupta is a writer by profession and has more than 7 years of global writing experience in technology and other areas. He follows technological developments and likes to write about Windows and IT security. He has a deep liking for wildlife and has written a book on the top tiger parks of India.