Cyber-security vendors report an increase in exploit kit activity

Jan 12, 2016 23:15 GMT

After exploit kit usage rose by 75% last year, cyber-security vendors are now reporting another spike in exploit kit activity just as 2016 gets underway.

The first to report on this were security researchers from Heimdal Security, who identified multiple such campaigns involving the Neutrino, RIG and Angler exploit kits.

One of these is a mutation of an earlier campaign that used the Neutrino exploit kit. As 2016 began, the group behind the operation switched servers and updated its payloads to deliver ransomware from the Kovter and CryptoLocker 2.x families.

Black hat SEO techniques used to boost search engine rankings

On top of this, the group has also started running black hat SEO campaigns to push the exploit kit's landing page up in search engine rankings. The landing page is where the exploit kit profiles the visitor's browser and plugins and, where the visitor is vulnerable, delivers the appropriate malware through an older Flash security vulnerability (CVE-2015-7645).

A second group is running a similar operation with the RIG exploit kit. It also relies on black hat SEO poisoning to improve search engine rankings, but targets a wider set of vulnerabilities, in software such as Adobe Flash, Adobe Reader, Adobe Acrobat and Microsoft Silverlight.

This campaign infects users with the Pony infostealer and the TofSee trojan, which mainly harvest financial information.

Angler exploit kit deployed to over 90K websites

In addition to Heimdal's findings, researchers from Palo Alto Networks have discovered that cybercrime groups using the Angler exploit kit have compromised around 90,000 websites, 30 of which rank in Alexa's Top 100,000.

Based on traffic estimations, over 11 million users have visited the compromised websites in the past month.

Of all the exploit kits, Angler is the most widely used, found on 30% of all compromised websites according to an Infoblox report from last year. Angler is also the most technically advanced exploit kit, supporting a more diverse range of infection vectors and including various antivirus evasion techniques.
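Compromised sites like the 90,000 described above typically carry nothing more than a small piece of injected markup that silently sends visitors to the exploit kit's landing page: a hidden or 1x1 iframe, a script tag loaded from a host the site does not normally use, or markup appended after the page's closing tag. The following scanner, added here as an example and not code from the article or from any vendor named in it, applies those generic heuristics to a page's HTML. The sample page, the site host `www.example.org`, the trusted CDN host and the `injected.example` URLs are all constructed for the demonstration.

```python
"""Heuristic scan of one page's HTML for markup typical of exploit-kit
redirect injections on a compromised site.

Added example, not code from the article or any vendor named in it.
Heuristics are generic; the sample HTML and hostnames are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an injected iframe out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px",
    re.I,
)


def _dim(value):
    """Parse a width/height attribute such as '1', '0px' or '560' to an int."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def _is_external(url, site_host, trusted_hosts):
    """True if the URL points at a host other than the site or its trusted hosts."""
    host = urlparse(url).hostname
    if host is None:  # relative URL, served by the site itself
        return False
    host = host.lower()
    return host != site_host and host not in trusted_hosts


class _Scanner(HTMLParser):
    def __init__(self, site_host, trusted_hosts):
        super().__init__()
        self.site_host = site_host.lower()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.html_closed = False
        self.findings = []  # list of (indicator, url) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        # Anything injected after </html> is a classic sign of a file appended to.
        if self.html_closed and tag in ("script", "iframe"):
            self.findings.append(("after-html-close", src))
        if tag == "iframe":
            w, h = _dim(a.get("width")), _dim(a.get("height"))
            tiny = (w is not None and w <= 2) or (h is not None and h <= 2)
            hidden = bool(HIDDEN_STYLE.search(a.get("style") or ""))
            if (tiny or hidden) and _is_external(src, self.site_host, self.trusted):
                self.findings.append(("hidden-iframe", src))
        elif tag == "script":
            if src and _is_external(src, self.site_host, self.trusted):
                self.findings.append(("external-script", src))

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True


def find_injection_indicators(html, site_host, trusted_hosts=()):
    """Return (indicator, url) pairs for markup that warrants a manual look."""
    scanner = _Scanner(site_host, trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a normal page with two injected elements.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-cdn.net/lib.js"></script>
</head><body>
<p>Legitimate content.</p>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://injected.example/gate.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
<script src="http://injected.example/r.js"></script>
"""

if __name__ == "__main__":
    for indicator, url in find_injection_indicators(
        SAMPLE_PAGE, "www.example.org", trusted_hosts=("cdn.example-cdn.net",)
    ):
        print(f"{indicator:18} {url}")
```

The trusted-hosts list matters: without it every third-party script (a CDN, an analytics tag) is reported, which is the right default for a first pass but noisy in production. A finding is a lead, not a verdict; the next step is to fetch the flagged URL in an isolated environment and compare the served page against a known-good copy from version control.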