Exploit kits are slowly migrating toward fileless attacks
#1
The malware landscape is in a constant flux, with new trends and techniques appearing and/or going out of fashion on a monthly basis.

Keeping an eye on what's what involves analyzing tens of thousands of malware samples, and this is exactly what the Malwarebytes team has been doing in terms of exploit kits, collecting and indexing campaigns and attacks for the past few years in order to get an insight into how the exploit kit landscape operates and might shift in the future.


What are exploit kits?

Exploit kits, or EKs, are web-based applications hosted by cyber-criminals. EK operators usually buy web traffic from malvertising campaigns or botnet operators.

Traffic from malicious ads or hacked websites is sent to an EK's so-called "gate" where the EK operator selects only users with specific browsers or Adobe Flash versions and redirects these possible targets to a "landing page."

Here is where the EK runs an exploit -- hence the name exploit kit -- and uses a browser or Flash vulnerability to plant and execute malware on a user's computer.


Fileless Attacks

In a report released last week, Malwarebytes researchers say EK operators are changing their tactics.

Instead of relying on dropping malware on disk and then executing the malware, at least three of the nine currently active EKs are now using fileless attacks.

A fileless attack relies on loading the malicious code inside the computer's RAM, without leaving any traces on disk.

Fileless malware has been around for more than half a decade, but this is the first time EKs are broadly adopting the technique.

"This is an interesting trend that makes sample sharing more difficult and possibly increases infection rates by evading some security products," said Jérôme Segura, Malwarebytes malware analyst.

The exploit kits leveraging this technique include Magnitude, Underminer, and Purple Fox.

These are small-time exploit kits when compared to other more broadly used EKs like Spelevo, Fallout, and RIG. However, this doesn't matter. The fact that a third of today's top EKs are using fileless techniques shows a clear direction where the EK market will be going in the following months and years.

One recent trend with the actors behind the exploit kits has been to focus on the vulnerabilities in Internet Explorer.

Most IE instances today are in enterprise networks. Enterprise networks are highly sought-after targets by EK operators.



https://www.zdnet.com/article/exploit-ki...s-attacks/
Reply
#2
M$IE? Flash?
Are these really ever permitted by IT departments?

Use Firefox, addons can spoof User-Agents, and even disable Flash until needed from a trusted site.

I dont know how a booger can achieve persistence by staying in memory. In a system shutdown memory should be cleared. If it writes to the page/swap file it can be scanned....
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Obama plunges toward Internet surrender to globalists Horisarte 1 16,538 Sep 08, 2016, 02:49 am
Last Post: joew771
  Are Browsers Helping Governments Carry Out Man In The Middle Attacks? Mike 0 14,030 Nov 08, 2014, 05:38 am
Last Post: Mike



Users browsing this thread: 1 Guest(s)