If there’s one thing businesspeople and cyberthieves have in common, it’s their love of finding ways to get bigger results with less effort. And for thieves, exploit kits are little efficiency machines.
So maybe it shouldn’t surprise anyone that hackers are now making exploit kits smarter than ever before. The recent 2016 Dell Security Annual Threat Report called out exploit kits as one of the most urgent security challenges of last year, not only because there are now more of them, but because they’re becoming harder for security systems to identify and eradicate.
Hackers know what security software typically scans for, and they’re using that knowledge to create workarounds. Remember Spartan? It used malvertising to load a series of files-within-files onto victims’ systems before generating its exploitative code in memory, not on disk, in order to stay invisible to firewalls.
“Exploit kits are evolving, but they’re primarily aimed at known software vulnerabilities.”
But it’s not all bad news. Exploit kits are evolving, but they’re primarily aimed at known software vulnerabilities. So keeping your software and systems patched and updated can go a long way, as can the use of a layered security approach that includes tough intrusion prevention, perimeter anti-virus, enforced host-based anti-virus, isolated network zones, multifactor authentication and, for the most paranoid, browser plugins like NoScript.
Exploit kits gave us a real glimpse into hackers’ heads in 2015, and what we saw was that set-it-and-forget-it security programs are completely worthless. If defense-in-depth is not the name of the game for your company, there’s a chance you could find yourself on the wrong side of an exploit kit this year.