Exploit Kits

 
 

Known Exploit kits

Latest New/Updated Variants
Fallout
Fallout
Underminer
Underminer
Disdain
Disdain
Terror
Terror
DNSChanger
DNSChanger
Stegano
Stegano
RIG
RIG
Sundown
Sundown
Bizarro Sundown
Bizarro Sundown
Floki Bot
Floki Bot
Neutrino
Neutrino
Angler
Angler
Blackhole
Blackhole
Fiesta
Fiesta
Magnitude
Magnitude
Nuclear
Nuclear
Sweet Orange
Sweet Orange

The below list is not exhaustive and is meant to provide an overview of the most prevalent exploit kits impacting US victims. This page is updated regularly with new information.

What are Exploit Kits?

Exploit Kits (EKs) are toolkits that automate the exploitation of vulnerabilities in popular software applications in order to maximize successful infections and serve as a platform to deliver malicious payloads such as Trojans, spyware, ransomware, and other malicious software. Most users will encounter EKs from visiting seemingly legitimate, high-traffic websites that either contain links to EKs embedded within malicious advertising (malvertising) or have malicious code hidden directly within the website itself. Malicious URLs linking to EKs are commonly distributed through spam email and spear-phishing campaigns.

 
Image Credit: Microsoft

Image Credit: Microsoft

 

How DO Exploit kits work?

  1. Contact - the victim accesses a link that connects to an EK server (i.e. from a malicious ad, compromised website, or email hyperlink).

  2. Redirect - the victim is filtered based on a set of criteria specified by the EK attacker, such as the IP address or browser type, and redirected to the server that hosts the EK, and then delivers them to the landing page that will determine what vulnerabilities to exploit.

  3. Exploit - once the vulnerabilities are identified, the EK server downloads the exploit files to target the appropriate applications.

  4. Infect - once the vulnerabilities are exploited, the attacker downloads and executes malware on the victim’s machine, often a banking Trojan or ransomware.

Exploit kits Mitigation strategies

The constantly evolving nature of exploit kits underscores the need for a progressive and proactive cybersecurity posture - one that equally addresses the vulnerabilities and exploits of people, processes, and technology. Click below for some mitigation strategies to help defend against EKs:

REPORTING

If your organization is the victim of an Exploit Kit attack, or would like to learn more about the NJCCIC, please contact a Cyber Liaison Officer at njccic@cyber.nj.gov.