It's no secret that the threat landscape provides as many twists and turns as an M. Night Shyamalan flick, with new tactics and malware variants cropping up on a seemingly daily basis. With the enormous task of measurably reducing cyber risk within the business, security practitioners couldn't possibly be expected to stay on top of each threat aimed at their organization, but chances are the C-suite expects them to.
As headlines continue to glom on to massive cybersecurity events, like the recent WannaCry ransomware attacks or the distributed denial-of-service assaults launched by IoT botnets, we've decided to focus on highlighting one that cybercriminals have been leveraging for years: exploit kits (EKs).
These hacking toolkits take advantage of vulnerabilities in systems and devices with the ultimate goal of compromising the machines. From there, attackers can benefit in multiple ways – from siphoning financial information to make illegal purchases to swiping sensitive data they could sell in the cyber underground. As Trend Micro describes, the typical exploit kit features a management console, vulnerabilities for different applications, and other functions that make it a user-friendly attack method for cyber swindlers.
EKs have been spotted since 2006, and their use has grown and subsided as other attack methods gained popularity. Today, EKs are still widely leveraged, so we've caught up with one security expert who highlighted three that should be on your radar and what you can do to protect your organization and employees.
The Exploit Kits
Prepare your employees
A common mistake that many security managers make is overestimating the knowledge and security behavior of their users, Unterbrink says. To combat any of these EKs, user education is probably the most important solution. “These EKs mainly use known vulnerabilities as well as social engineering and phishing tactics to exploit users,” says Unterbrink. “As a result, end user education becomes an important aspect of protection.” An employee that’s trained in recognizing spam and spotting phishing emails goes a very long way. Unterbrink suggests enlisting the help of the many third-party companies that provide user awareness programs and fake phishing services to train users up.
Layer your security
Security managers should be implementing countermeasures such as defense-in-depth. According to Unterbrink, this is the kind of “state of the art” approach to security that organizations should have in place. “Network security combines multiple layers of defenses at the edge and in the network,” he says. “Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.” When it comes to endpoints, advanced malware protection is worthwhile because it also yields detailed forensic information for analyzing attack chains and preventing future ones from taking place.
Although he believes that EK activity will continue to decline as operating systems grow more secure, security updates remain of the utmost importance. Since EKs focus on exploiting known vulnerabilities, it’s imperative to keep making sure security bugs are fixed in time. “Users and security teams must keep all software – especially Office apps and browser plugins – up to date to ensure that all known vulnerabilities are patched,” Unterbrink says.