The times when exploit kits (EKs) were known to be the breeding ground of new zero-days are long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today’s top web-based threats.
Exploit kits are web apps developed by malware authors. Crooks lure users to malicious URLs hosting an exploit kit, which uses a known vulnerability to infect the user with malware.
Exploit kits have been around on the criminal underground for more than a decade and were once pretty advanced, often being a place where researchers found zero-days on a regular basis.
But as browsers got more secure in recent years, exploit kits started to die out in 2016-2017. Most operators were arrested or moved on to other things, and nobody developed new exploits to add to the arsenal of the EKs left on the market, which slowly began falling behind in their effectiveness at infecting new victims.
EKs used only eight exploits in Q1 2018
A Palo Alto Networks report published yesterday details statistics about the vulnerabilities used by current exploit kits in the first three months of the year (Q1 2018).
According to the gathered data, researchers found 1,583 malicious URLs across 496 different domains, leading to landing pages (URLs) where an EK attempted to run exploits for only a meager eight vulnerabilities.
All eight were old and known bugs, with the newest dating back to 2016. Seven of the eight vulnerabilities targeted Internet Explorer, meaning that using a more modern browser like Chrome or Firefox is a simple, yet effective way of avoiding falling victim to exploit kits.
The long story short is almost all of the Exploit Kit traffic was using exploits for issues 2 years or older. So try to keep browsers reasonably up to date.
— Kevin Beaumont (@GossiTheDog) June 22, 2018
But using a non-Microsoft browser is not enough to stay safe. Exploit kits are also known to target Flash Player.
Since most Flash Player instances are now bundled with the OS and even the browsers themselves, keeping the OS and browsers up to date with security patches is the simplest way to make sure EKs remain a thing of the past.
Recent zero-days give EKs new life
Keeping things up to date may be more important than ever these days because the discovery of new zero-days might have breathed new life into some exploit kits.
Proof-of-concept (PoC) code was published online for these zero-days, and some EK developers didn’t shy away from integrating those PoCs into their arsenals.
A report from Malwarebytes, which included data from June 2018, reveals that in recent months, exploit kits have now integrated two zero-days disclosed earlier this year, one in Adobe Flash Player and a second targeting Internet Explorer.
While antivirus software is the best solution to keep exploit kits at bay, not all users can afford a commercial license for the top products. If you’re one of those users who can’t afford one, proper IT hygiene like keeping your OS, browser, and Flash Player up to date is currently a good way to prevent exploit kits from infecting you with malware.