Since they first appeared in 2006, exploit kits have evolved into the weapon of choice for automated malware delivery.
These kits are toolkits that attackers install on web servers in order to identify and take advantage of known vulnerabilities in visiting browsers. When a browser loads a page hosting the kit, the kit scans for specific software vulnerabilities that have not yet been closed by an update or patch. Once one is found, the kit can install a malware payload without any further interaction from the visitor.
This method of attack was widely seen from 2010 to 2017, after which its use declined somewhat, but exploit kits remain a very active threat. Some of the best-known kits are constantly refreshed with new exploits for known vulnerabilities. In recent years they have mainly been deployed to install malware that delivers ransomware. Examples include the Fallout exploit kit, which was used to distribute Maze Locker ransomware, and the Magnitude EK, which has been used to spread ransomware in the Asia Pacific region from 2013 onwards.
Exploit kits are typically placed on legitimate websites that have been compromised, as well as on malicious attacker-owned websites laced with malware, so visitors can land on them without realizing it.
One of the most popular kits currently active is the Magnitude EK. Previously it targeted only Internet Explorer; it has recently been discovered that the kit has been updated to target Chromium-based browsers on Windows PCs.
Anti-virus vendor Avast has revealed that the Magnitude EK has recently added two new exploits: one for a vulnerability in Google Chrome, CVE-2021-21224, and the other for the Windows kernel memory corruption vulnerability CVE-2021-31956. Using the remote code execution bug in Google Chrome together with the Windows bug, which allows the Chrome sandbox to be bypassed, a cybercriminal could obtain system privileges.
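Because an exploit kit only succeeds against a browser that is still missing the vendor's fix, the first defensive question is which machines are below the fixed build. The following is an added example, not code from the article or from Avast, Google or Microsoft: it compares dotted version strings from a software inventory against a required minimum. The inventory rows and the minimum version are constructed sample values, not real fixed builds; the real fixed version comes from the vendor advisory for the product you track.

```python
"""Fleet patch-level check (added example, not from the original article).

Compares installed browser versions from an inventory against the minimum
fixed build and reports every host that is not known to be patched.
All hostnames, versions and the required minimum below are constructed.
"""
from typing import List, Optional, Tuple

# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("ws-001", "chrome", "91.0.1234.5"),
    ("ws-002", "chrome", "90.0.999.7"),    # below the minimum
    ("ws-003", "chrome", "90.0.1000.0"),   # exactly the minimum
    ("ws-004", "chrome", "unknown"),       # agent failed to read the version
    ("ws-005", "firefox", "89.0"),         # product not tracked by this check
    ("ws-006", "chrome", "90.0.1000"),     # shorter string, padded with zeros
]

# PLACEHOLDER value: replace with the fixed build named in the vendor advisory.
REQUIRED_MIN = {"chrome": "90.0.1000.0"}


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '90.0.1000.0' into (90, 0, 1000, 0); None if not parseable."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def version_at_least(installed: str, required: str) -> Optional[bool]:
    """True if installed >= required, None if installed cannot be parsed.

    Shorter tuples are padded with zeros so '90.0' compares as '90.0.0.0'.
    Tuple comparison orders components numerically, so 999 < 1000, which a
    plain string comparison would get wrong ('9' sorts after '1').
    """
    a, b = parse_version(installed), parse_version(required)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def find_exposed(inventory, required_min) -> List[Tuple[str, str, str]]:
    """Return (host, product, reason) for every row not known to be patched.

    Unreadable versions are reported too: a host whose patch level cannot
    be confirmed should be treated as exposed, not silently skipped.
    """
    exposed = []
    for host, product, version in inventory:
        minimum = required_min.get(product)
        if minimum is None:
            continue  # product not covered by this check
        ok = version_at_least(version, minimum)
        if ok is None:
            exposed.append((host, product, f"version '{version}' unreadable"))
        elif not ok:
            exposed.append((host, product, f"{version} < {minimum}"))
    return exposed


if __name__ == "__main__":
    for host, product, reason in find_exposed(INVENTORY, REQUIRED_MIN):
        print(f"{host}: {product} {reason}")
```

Run as-is it lists ws-002 (below the minimum) and ws-004 (version unreadable); feeding it a real inventory export only requires replacing the constructed rows and the placeholder minimum.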
Google and Microsoft have released patches for these vulnerabilities; the onus is on users to install them. Otherwise it will only be a matter of time before Magnitude EK takes advantage of the weaknesses to install malware. For businesses, an additional layer of protection against this type of attack is a web filter. Like spam filters, web filters stop malware delivery from malicious websites, and they are one of the strongest anti-phishing measures you can use.
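A DNS-based web filter of the kind described above answers one question for every lookup a client makes: is this domain, or any parent domain of it, on the block list? The following is an added example written for this page, not WebTitan's code or any vendor's: it applies that rule to a few constructed DNS query log lines, with an allow list for explicit exceptions. The domain names, client addresses and log layout are all made up for the example; a real deployment feeds in a threat feed and the resolver's actual query log.

```python
"""DNS-layer web filter decision logic (added example, not WebTitan's code).

Decides per DNS query whether the looked-up name falls under a blocked
domain, walking up the label hierarchy so a block on 'b.c' covers 'a.b.c'
but not 'xb.c'. All names and log lines below are constructed.
"""
import re
from typing import List, Optional, Set, Tuple

# Constructed block list. Each entry covers the name and every name beneath it.
BLOCKLIST: Set[str] = {
    "ek-landing.example",
    "cdn.compromised-site.example",
}

# Constructed allow list: a more specific exception beneath a blocked domain.
ALLOWLIST: Set[str] = {
    "static.cdn.compromised-site.example",
}

# Constructed query log in a simple "<time> <client> query <qname>" layout.
SAMPLE_LOG = """\
2021-06-14T09:12:01Z 10.0.0.17 query www.ek-landing.example.
2021-06-14T09:12:01Z 10.0.0.17 query www.example.org
2021-06-14T09:12:03Z 10.0.0.23 query cdn.compromised-site.example
2021-06-14T09:12:04Z 10.0.0.23 query static.cdn.compromised-site.example
2021-06-14T09:12:05Z 10.0.0.42 query notek-landing.example
2021-06-14T09:12:06Z 10.0.0.42 query EK-Landing.Example
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")


def normalise(name: str) -> str:
    """Lower-case the name and strip the trailing dot of an absolute name."""
    return name.strip().lower().rstrip(".")


def blocking_entry(qname: str, blocklist: Set[str], allowlist: Set[str]) -> Optional[str]:
    """Return the block-list entry that covers qname, or None if allowed.

    Candidates are tried from most to least specific (a.b.c, b.c, c); at each
    level the allow list is consulted before the block list, so the most
    specific rule wins. Matching is on whole labels, never on substrings.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in allowlist:
            return None
        if candidate in blocklist:
            return candidate
    return None


def filter_log(log: str, blocklist: Set[str], allowlist: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (client, qname, matched entry) for each blocked query in the log."""
    blocked = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        _ts, client, qname = m.groups()
        entry = blocking_entry(qname, blocklist, allowlist)
        if entry is not None:
            blocked.append((client, normalise(qname), entry))
    return blocked


if __name__ == "__main__":
    for client, qname, entry in filter_log(SAMPLE_LOG, BLOCKLIST, ALLOWLIST):
        print(f"BLOCK {client} -> {qname} (rule: {entry})")
```

Two details matter for a filter like this: matching on whole labels, so that "notek-landing.example" is not caught by a substring match on "ek-landing.example", and normalising case and the trailing dot so that "EK-Landing.Example" cannot slip past the list.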
WebTitan, one of the best web filters available, was created by TitanHQ to keep companies safe from these cyberattacks and to manage web access levels for office-based and remote workers, a key feature for tools designed to prevent browsers from visiting malicious websites. The solution is DNS-based and very straightforward to configure, so much so that it is in use at more than 12,000 companies and MSPs for content filtering, malware prevention and as an extra obstacle for phishers.
To enhance your cybersecurity protection with WebTitan and block malware, contact the TitanHQ experts as soon as you can. A 100% free 14-day trial is also available so you can test the solution in your own environment.