Known Exploit Kits
The below list is not exhaustive and is meant to provide an overview of the most prevalent exploit kits impacting US victims. This page is updated regularly with new information.
What are Exploit Kits?
Exploit Kits (EKs) are toolkits that automate the exploitation of vulnerabilities in popular software applications in order to maximize successful infections and serve as a platform to deliver malicious payloads such as Trojans, spyware, ransomware, and other malicious software. Most users will encounter EKs from visiting seemingly legitimate, high-traffic websites that either contain links to EKs embedded within malicious advertising (malvertising) or have malicious code hidden directly within the website itself. Malicious URLs linking to EKs are commonly distributed through spam email and spear-phishing campaigns.
How Do Exploit Kits Work?
- Contact - the victim accesses a link that connects to an EK server (e.g. from a malicious ad, a compromised website, or an email hyperlink).
- Redirect - the victim is filtered against criteria set by the EK attacker, such as IP address or browser type, and redirected to the server that hosts the EK; that server delivers the landing page, which profiles the victim's browser and plug-ins to determine which vulnerabilities to exploit.
- Exploit - once the vulnerabilities are identified, the EK server delivers the exploit files that target the appropriate applications.
- Infect - once the vulnerabilities are exploited, the attacker downloads and executes malware on the victim’s machine, often a banking Trojan or ransomware.
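The four stages above leave a traceable footprint in web proxy logs: a referer chain from an ordinary site through an ad or gate, to a landing page, to an exploit object and finally to an executable download. The following detection sketch is an added example, not code from the NJCCIC or from any EK; the log lines, domains, field layout (`client|url|referer|content-type`) and the content-type sets are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample proxy log lines (not real traffic): client|url|referer|content-type
SAMPLE_LOG = [
    "10.0.0.5|http://news.example/article|-|text/html",
    "10.0.0.5|http://ads.example/banner.js|http://news.example/article|application/javascript",
    "10.0.0.5|http://gate.example/in.php?id=7|http://ads.example/banner.js|text/html",
    "10.0.0.5|http://land.example/index.php|http://gate.example/in.php?id=7|text/html",
    "10.0.0.5|http://land.example/a.swf|http://land.example/index.php|application/x-shockwave-flash",
    "10.0.0.5|http://land.example/p.exe|http://land.example/index.php|application/x-msdownload",
    "10.0.0.9|http://news.example/article|-|text/html",
    "10.0.0.9|http://cdn.example/style.css|http://news.example/article|text/css",
]
# Hypothetical rule inputs: content types treated as Exploit-stage and Infect-stage artifacts
EXPLOIT_TYPES = {"application/x-shockwave-flash", "application/java-archive", "application/pdf"}
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream"}

def parse(lines):
    """Yield (client, url, referer-or-None, content-type) from a pipe-separated line."""
    for line in lines:
        client, url, referer, ctype = line.split("|")
        yield client, url, (None if referer == "-" else referer), ctype

def referrer_chain(parents, url):
    """Follow referer links back to the first request with no referer (the Contact stage)."""
    chain, seen = [], set()
    while url is not None and url not in seen:   # seen guards against referer loops
        seen.add(url)
        chain.append(url)
        url = parents.get(url)
    return chain[::-1]

def find_ek_chains(lines, min_hops=3):
    """Return {client: chain} where a payload download ends a referer chain of at least
    min_hops requests and an exploit-type object was served from the same landing page."""
    parents, ctype_of = defaultdict(dict), defaultdict(dict)   # client -> {url: referer/ctype}
    for client, url, referer, ctype in parse(lines):
        parents[client][url] = referer
        ctype_of[client][url] = ctype
    hits = {}
    for client, urls in ctype_of.items():
        for url, ctype in urls.items():
            if ctype not in PAYLOAD_TYPES:
                continue
            chain = referrer_chain(parents[client], url)
            landing = chain[-2] if len(chain) >= 2 else None   # page that referred the payload
            exploit_seen = any(t in EXPLOIT_TYPES and parents[client].get(u) == landing
                               for u, t in urls.items())
            if len(chain) >= min_hops and exploit_seen:
                hits[client] = chain
    return hits
```

Only the client whose executable download sits at the end of a multi-hop chain that also fetched an exploit-type object from the same landing page is reported; a client that merely loaded the same news site is not.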
Exploit Kit Mitigation Strategies
The constantly evolving nature of exploit kits underscores the need for a progressive and proactive cybersecurity posture - one that equally addresses the vulnerabilities and exploits of people, processes, and technology. Mitigation strategies to help defend against EKs are listed below.
If your organization is the victim of an Exploit Kit attack, or would like to learn more about the NJCCIC, please contact a Cyber Liaison Officer at firstname.lastname@example.org.