How the Exploit Kit Lifecycle Works
We’ve talked a bunch in recent months about the new trend of using exploit kits to distribute ransomware. But you might be wondering how exactly these exploit kits work. When they succeed, how do they succeed? When they fail, why do they fail? Below, we’ll explain the exploit kit lifecycle and show you how to protect yourself.
The Exploit Kit Lifecycle
It all starts when a hacker breaks into a website, with the goal of hijacking the website to spread malware. In most cases, hackers will use the hijacked site to spread exploit kits, which are malicious toolkits whose job it is to find security holes in your browser and then take advantage of them to inject malware onto devices.
Typically the websites that are hijacked are run on content management systems (CMS), such as WordPress or Drupal. There are millions of websites running these CMS, and many of them aren’t kept up-to-date. Who do they go after? We’ve seen county governments, soccer leagues, and horse farms all fall victim.
Attackers will troll these sites to figure out which ones get the most traffic. Once they choose a target, they will often add the exploit kit content right into the main page or a header or footer of the website. They’ll do whatever it takes to get users to accidentally run their code.
These exploit kits then test hundreds of current exploits against browsers, looking for vulnerabilities in programs like Flash and Java or native bugs. If they find a weakness, boom! Malware will be downloaded and executed immediately, all without the user clicking on anything. See our graphic below for a quick rundown of the exploit kit lifecycle:
In order to protect your business and brand from these types of attacks, we have three tips to offer.
Keep Your CMS Patched
First, if you are using a CMS, please ensure you keep it patched so your public website isn’t turned into an exploit kit gateway. You don’t want to be made an example of. This may be as simple as setting up automatic WordPress updates, but make sure that they are running and that nothing remains unpatched.
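Because hijacked sites usually carry the injected content in the main page, header or footer, a site owner can also check their own pages for scripts and frames loaded from hosts they never added. The following is an added example, not code from the original post; the allowlist, host names and sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this site is expected to load scripts/frames from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed sample: a page whose footer carries a frame the owner never added.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example.org/site.js"></script>
</head><body>
<p>League schedule</p>
<iframe src="//gate.invalid/landing"></iframe>
</body></html>"""


class ExternalLoadFinder(HTMLParser):
    """Collects script/iframe/embed/object sources served from unexpected hosts."""
    WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # tuples of (line, tag, host, url)

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        host = (urlparse(url.strip()).hostname or "").lower()
        # Relative URLs have no host: they load from the site itself.
        if host and host not in self.allowed:
            self.findings.append((self.getpos()[0], tag, host, url))


def find_unexpected_loads(html, allowed_hosts=ALLOWED_HOSTS):
    """Return every active-content load whose host is not on the allowlist."""
    finder = ExternalLoadFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag, host, url in find_unexpected_loads(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads from unexpected host {host}: {url}")
```

Run it over the rendered home page and over the theme's header and footer templates after each update, and investigate any host you did not add yourself.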
Keep Your Devices Up-to-Date
Second, ensure that operating system and software updates to workstations (computers, smartphones, etc.) are being carried out regularly and effectively across your whole organization. Additionally, find any end-of-life systems (Windows XP and Server 2003 come to mind!) and get rid of them ASAP.
Use Malware Protection
Finally, if you’re concerned about your ability to patch quickly or completely, try a product like Strongarm that will protect your users from not just exploit kits, but phishing and other malware threats, too. The best type of protection is prevention, and Strongarm can slow down the exploit kit lifecycle and help keep exploit kits from injecting malware into your life.