Check Point Threat Alert: Exploit Kits

An exploit kit is a malicious toolkit whose purpose is to identify vulnerabilities in client machines. These vulnerabilities are then exploited in order to upload and execute malicious code on the client. Exploit kits also provide a user interface for an attacker to gain information on success rates and other statistics, as well as control the client’s settings. According to Check Point’s analysis and reports, there was a notable spike in exploit kit usage as of January 14th 2016.

Description

Exploit kits are a type of malicious toolkit used to exploit security holes in software applications and spread malware. These kits come with pre-written exploit code and target users whose computers are running insecure or outdated software applications. This is a typical sequence of events:

  1. Cybercriminals hack a web server.
  2. A user visits a compromised website whose web server was hacked or where malicious ads are displayed.
  3. The compromised web server performs a redirection to an exploit kit URL.
  4. The victim visits an exploit kit page.
  5. The exploit kit gathers information on the victim and determines which exploit to deliver.
  6. The exploit is delivered.
  7. If the exploit succeeds, a malicious payload is downloaded to the victim’s computer and executed. This is known as a drive-by download as it happens without the victim’s knowledge or consent. An example of a ransomware payload was recently published by Check Point’s intelligence analyst in this blog post.
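The sequence above leaves a recognizable trail in web proxy logs: a short referer chain that crosses several hosts and ends in a binary download the user never asked for. The following is an added example, not code from Check Point or from the original post; the log format, content types, thresholds and sample log lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log (time client status content-type url referer); not real traffic.
SAMPLE_LOG = """\
2016-01-14T10:00:01 10.0.0.5 200 text/html http://news.example/story -
2016-01-14T10:00:02 10.0.0.5 302 text/html http://ads.example/show?id=7 http://news.example/story
2016-01-14T10:00:03 10.0.0.5 200 text/html http://gate.invalid/landing http://ads.example/show?id=7
2016-01-14T10:00:05 10.0.0.5 200 application/x-shockwave-flash http://gate.invalid/a.swf http://gate.invalid/landing
2016-01-14T10:00:09 10.0.0.5 200 application/octet-stream http://gate.invalid/p.bin http://gate.invalid/landing
2016-01-14T10:05:00 10.0.0.9 200 text/html http://vendor.example/downloads -
2016-01-14T10:05:20 10.0.0.9 200 application/octet-stream http://vendor.example/setup.exe http://vendor.example/downloads
"""
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
WINDOW = timedelta(seconds=30)  # assumed: first page view to payload, too fast for a deliberate download
MIN_HOSTS = 3                   # assumed: visited site -> redirector -> kit host

def parse(log):
    for line in log.strip().splitlines():
        ts, client, status, ctype, url, referer = line.split()
        yield {"ts": datetime.fromisoformat(ts), "client": client, "status": int(status),
               "ctype": ctype, "url": url, "referer": None if referer == "-" else referer}

def referer_chain(event, seen):
    # Walk referers back to the first page this client requested (oldest hop first).
    chain, visited = [event], {event["url"]}
    while (ref := chain[-1]["referer"]) in seen and ref not in visited:
        visited.add(ref)
        chain.append(seen[ref])
    return chain[::-1]

def find_driveby_chains(log):
    seen = defaultdict(dict)  # client -> {url: event}
    alerts = []
    for ev in parse(log):
        history = seen[ev["client"]]
        if ev["ctype"] in PAYLOAD_TYPES:
            chain = referer_chain(ev, history)
            hosts = []
            for hop in chain:
                host = urlparse(hop["url"]).hostname
                if not hosts or hosts[-1] != host:
                    hosts.append(host)
            if len(set(hosts)) >= MIN_HOSTS and ev["ts"] - chain[0]["ts"] <= WINDOW:
                alerts.append({"client": ev["client"], "hosts": hosts, "payload": ev["url"]})
        history[ev["url"]] = ev
    return alerts
```

The download from `vendor.example` is not flagged because its referer chain stays on a single host; only the chain that hops from the visited site through a redirector to a third host matches steps 2 to 7.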

Exploit kits try to exploit zero-day vulnerabilities; Check Point IPS protections block these attacks, as published in this blog post. Angler is the most popular exploit kit nowadays, deployed in 30% of all compromised websites. Angler is also the most technically advanced: it supports a more diverse infection spectrum and employs various techniques to evade antivirus protections.

Check Point IPS Protections

References

Appendix A – Exploit Kits Covered by Check Point IPS
