Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RATs), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.

For exploit kit creators, there is a massive opportunity to generate profit. Creators can offer exploit kits for rental on underground criminal markets, where the price for leading kits can reach thousands of dollars per month.

Exploit kit campaigns generate a series of events starting with a compromised website that ultimately directs web traffic to an exploit kit. Within the exploit kit, a specific sequence of events occurs for a successful infection. The sequence starts with a landing page, follows with an exploit, and ends in a payload. Ransomware is their most common payload, but exploit kits also distribute other types of malware, like information stealers and banking Trojans.

While exploit kits are highly effective, there are measures you can take to prevent successful breaches. In the later sections of this report we will describe how to reduce the attack surface, block known malware and exploits, and quickly identify and stop new threats to ensure organizations are protected.


 
