Exploit kit activity has dropped considerably since 2017, but new variants are being formulated, one of the latest vesions being the Disdain exploit kit.
An exploit kit is a web-based toolkit capable of probing web users’ browsers for weakness. If flaws are found, they can be targeted to silently download ransomware and malware.
All that is necessary for an attack to take place is for web users to be sent to the domain hosting the exploit kit and for them to have a vulnerable browser outdated plugin. At present, the author of the Disdain exploit kit believes his/her toolkit can exploit more than a dozen separate weaknesses in Firefox, IE, Edge, Flash and Cisco WebEx – Namely, CVE-2017-5375, CVE-2016-9078, CVE-2014-8636, CVE-2014-1510, CVE-2013-1710, CVE-2017-0037, CVE-2016-7200, CVE-2016-0189, CVE-2015-2419, CVE-2014-6332, CVE-2013-2551, CVE-2016-4117, CVE-2016-1019, CVE-2015-5119, and CVE-2017-3823. Many of those exploits are recent and would have a high probability of success.
No malware distribution campaigns have so far been discovered using the Disdain exploit kit, although it is likely to just be a matter of time before attacks are carried out. The Disdain exploit kit has only just begun being offered on underground forums.
Luckily, the developer does not have a particularly good reputation on the dark forums, which is likely to slow the use of the exploit kit. However, it is being sold at a low price which may be attractive to some malware distributors to start conducting campaigns. The EK can be hired for as little as $80 a day, with discounts being given for weekly and monthly use. The Disdain exploit kit is being sold for considerably less than some of the other exploit kits currently being sold on the forums, including the Nebula EK.
All that is needed is for someone to hire the kit, activate the malicious payload, and send traffic to the domain hosting the Disdain exploit kit – such as through a malvertising campaign or botnet. The price and capabilities of the EK mean it could become a major threat.