
Exploit Kits Exposed: Automated Attacks at Scale



Put yourself in the shoes of an attacker: Your objective is to infiltrate an organization, deploy ransomware and get paid. It is your job to launch the most effective, lowest-cost attack possible, one that also delivers the highest return. When adversaries balance the equation of effort versus potential reward, they are increasingly turning toward automated tools, like exploit kits (EKs), to help them achieve their malicious goals at massive scale. In short, EKs allow a malicious actor to silently exploit vulnerabilities in a browser-based application, deliver a malware payload, and operationalize the attack using rental-based EK infrastructure.

Before we look forward, it is important to understand the history of exploit kits and how they’ve become one of the most prevalent and effective methods of breaching an organization today. The popularity of EKs dates back to 2006, when the first documented case appeared; but it really took off in 2010 with the introduction of the Blackhole EK and its associated software-as-a-service (SaaS) based business model. Now, instead of setting up malicious infrastructure, compromising websites, identifying vulnerability exploits, and delivering malware, malicious actors could outsource nearly the entire attack flow to an expert. This is cyberattacking for the masses, with a modern and simple-to-use interface to match.


Over time, network defenders identify and take down prevalent exploit kits, as we saw with the disappearance of Blackhole after the arrest of its author; but there is always another one ready to take up the mantle and reap the profits. In recent years, we have seen an explosion in the scale of EK usage against organizations, especially as they have been increasingly used to deliver ransomware payloads. In fact, according to research by the Palo Alto Networks Unit 42 threat intelligence team, “Exploit kits are now, on average, about twice as expensive as they were two years ago.” We expect this trend to continue, with malicious actors continuing to leverage the automation, scale and silent malware delivery offered by exploit kits.

As organizations build their prevention infrastructure, they should consider how their security controls can identify and prevent this significant threat across the network, cloud and endpoint. Learn more about the past, present and future of exploit kits, and how to prevent them:

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
