Cyber criminals are continually devising new ways to invade electronic devices and computer networks in order to steal valuable confidential information that is exploited for nefarious purposes. The never ending introduction of new malicious software (malware) threats is almost impossible for IT professionals to keep pace with, much less prevent, so it is especially difficult for the average computer operator to follow.
Security software developers are also kept busy creating new ways to detect, identify, locate and eradicate malware threats, the ever changing nature of which requires the continual creation of new software programs or updates to existing programs in order to defend against invasive cyber crimes.
Cybercrime has become so prevalent that a standard has evolved for naming various malware threats that are known as “Common Vulnerabilities and Exposures” or CVEs and there are a lot of them.
The variety and number of computer viruses and malware that IT professionals deal with on a daily basis are staggering. In addition to viruses, ransomware and thousands of other malware security threats, the latest means of illicitly gathering information is known as “exploit kits” (EKs) which are software programs designed to run on web servers that are capable of finding and exploiting vulnerabilities in any and all electronic devices that are connected to and communicate through the server. This enables cybercriminals to upload nefarious software programs and execute malicious codes in multiple vulnerable machines.
It has never been more important to use security software and to install manufacturer updates as soon as they become available. In addition, precautionary measures should include backing up files, removing unused programs, avoiding random clicking, only opening attachments from reputable sources and updating all frequently used programs all of which are essential elements to protecting electronic devices from cyber invasions.
Focusing on just one type of cybercrime, the following is a list of the top 10 EKs that Intel has identified as the most prevalent during the first few months of 2017, each of which includes multiple CVEs in the particular class of Exploit Kit:
1 – Neutrino Exploit Kit
Neutrino EK and its predecessor Neutrino-v surged in popularity in the middle of 2016 and are known for infecting compromised sites and malvertising with various malware applications. The creators and distributors of this kit are known as Operation Afraidgate and Operation ShadowGate and there are over 30 CVEs dating back to 2013 that have been identified as current potential threats in this category of Exploit Kits.
2 – RIG Exploit Kit
Created and distributed by Operation Deep Panda, Operation DragonFly, Operation Pitty Tiger and Operation Afraidgate, the latest VIP version of RIG EK is called RIG-v and uses new URL patterns. RIG is spread through advertisements that have been inserted into websites which are legitimate and unknowingly feature those suspicious ads. This EK has been around since 2012 and the nearly 50 updated versions that have been introduced since then keep RIG at the top of the list of biggest cyber threats.
3 – Empire Pack Exploit Kit
The Empire Pack Exploit Kit is also known as RIG-E and was introduced in 2016 to take advantage of flaws in Adobe and Microsoft software applications and 5 different CVEs have been found in this category of EKs.
4 – Sundown Exploit Kit
Operation ShadowGate introduced the Sundown EK which is also known as Beta Exploit Pack and was last updated at the end of 2016. This EK distributes remote-access Trojans (RATs) to malicious links using phishing emails sent directly to computer users who unknowingly click on those malicious links. Sundown EK is known to use steganography (a non-secret data or text used to conceal information) to hide exploitation codes contained within the malware. This EK dates back to 2014 and 17 CVEs have since been identified in this category of EK.
5 – Bizarro Sundown Exploit Kit
This EK is the predecessor of the Sundown EK and was first discovered in October, 2016. Intel has found 5 CVEs in this category dating back to 2014 that were distributed by Operation ShadowGate.
6 – Magnitude Exploit Kit
The Magnitude EK is also known as Popads and uses malvertising attacks to infect a plethora of victims who visit compromised websites. Intel has discovered 25 different CVEs dating back to 2011 in this category of EK.
7 – Astrum Exploit Kit
Astrum EK is also known as Stegano and hides in malicious advertising banners that are used by many websites. Intel has identified 12 CVEs dating back to 2010 in this category of EK.
8 – Sweet Orange Exploit Kit
The Sweet Orange EK uses phishing emails containing malicious links or attachments to spread various malware applications. To date 14 different CVEs have been found in this EK category that date back to 2012.
9 – Sednit Exploit Kit
Three different CVEs dating back to 2013 have been found in this category of EKs which are distributed by a hacking group that calls itself “Sednit” and creates malware that targets flaws contained in Microsoft’s Internet Explorer.
10 – CK Exploit Kit
The CK EK was first discovered in 2012 and affected primarily Korean and Chinese websites with “drive-by” downloads that infected users’ electronic devices. To date 7 different CVEs dating back to 2011 have been identified in this category of EK.
For as long as there have been computers, there have been hackers devoting their time to invading personal privacy and stealing valuable information that is then exploited for nefarious purposes. The types and numbers of viruses, malware, exploit kits and other invasive tools continue to expand exponentially, not only in type and number, but also in sophistication and frequency. It’s never been more important to use up-to-date security software and to maintain a good working relationship with an IT professional who stays abreast of the latest threats and ways to combat them to protect privacy and confidential information.
More information can be found on each of the above-identified EKs as well as multiple other potential cyber threats at Intel’s website (http://tld.mcafee.com/) that is devoted completely to cyber security. This informative site offers a wealth of information about multiple campaigns, vulnerabilities, ransomware and exploit kits that have been and continue to be used to gather confidential information for nefarious purposes.