Angler, Magnitude, Neutrino & Nuclear, the most popular EKs

Nov 18, 2015 15:24 GMT

Infoblox, a US network control company, has recently released its DNS Threat Index for Q3 2015 (PDF), together with IID. According to data gathered during the past three months, exploit kit usage has skyrocketed, with a 75% increase compared to the same period last year.

Among all exploit kits, usage of Angler, Magnitude, Neutrino, and Nuclear went up, and together they accounted for 96% of total activity during Q3. Angler was seen in 30% of the cases, followed by Magnitude with 29%, Neutrino with 21%, and Nuclear with 16%.

Researchers claim that users are redirected to exploit kits mostly via spam campaigns and compromised websites.

Exploit kits (EKs), the noob hacker's favorite tool, can be viewed as a Swiss Army knife when it comes to online cyber-crime. Exploit kits are software packages that come filled with a broad range of attacks they can execute on victims who land on the websites where the kits are hosted.

They are cheap, easy to configure, and easy to deploy. Criminals don't need a high level of skill to set one up, and results usually come soon after.

Exploit kit usage expected to grow

“Cybercriminals don’t stand still, and exploit kits are constantly evolving to take advantage of newly discovered vulnerabilities and to avoid traditional security systems,” said Rod Rasmussen, chief technology officer at IID.

DNS is an important part of detecting exploit kit activity, since most of a malware campaign's communications and activities use this protocol to deliver victims to EK landing pages.

Their simplicity and the constant stream of updates they receive from their creators make exploit kits a tool that will continue to see broader usage in upcoming months and even years.

As long as hackers continue to integrate the most recent software vulnerabilities in exploit kits and then make them available at low prices, criminal groups will continue to look for them on the Dark Web.