Recent Trends in Exploit Kits

October 31, 2019

BlueVoyant

“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.

Exploit Kits (EKs) have grown as an active attack vector in recent months. EKs were popular six to eight years ago; however, a significant number of them were taken down by law enforcement. Their resurgence can be attributed to cheap browser exploits and to malware, such as Emotet, that includes modular capabilities and allows attackers to partner to distribute malware.

In 2019, popular EKs, such as Fallout and RIG, are available under monthly subscription-based operating models. Recent exploit kits leverage known vulnerabilities for which Proof of Concept (PoC) exploits are openly available. According to researchers at SentinelOne, “The majority of the exploit kit clientele are Russian speaking cybercrime malware distributors; moreover, the exploit kit administrators themselves routinely refuse to rent the EK to the English-language speakers.”

Exploit kit activity over the last six months showed several spikes over the summer, and it could be on an upward trend heading into the fall season. Attackers using EKs are counting on poor patch management to deliver multiple malicious campaigns.