Proactive IT Strategy at Thriveon

What You Should Know About Exploit Kits

Written by Sam Bloedow | 10/17/16 10:33 PM

Unless you work in the cybersecurity or IT support field, you probably haven’t come across the term “exploit kit” but learning about what these are and what they do will help you and your employees stay safer on the web and protect your company from a serious cyberattack. Here’s what you need to know:

What Are Exploit Kits?

An exploit kit is a software tool that cybercriminals use to find victims. By running a program that looks into the PC or device for unpatched or outdated programs, it can gain entry to the machine and download malware by "exploiting" weaknesses in the outdated software.

Who Uses Exploit Kits?

Bad actors (slang for cybercriminals) who do not necessarily have technical skills can purchase SaaS (web-based software or Software as a Service) subscriptions for Exploit kits that include dashboards for control and reporting, updates and sometimes support.

What Harm Can Exploit Kits Cause?

Successful exploits result in machines being held for ransom (ransomware); monitoring and recording of actions on your machine (spyware and keyloggers); harnessing of your machine's resources (bots); and installation of other malicious software (malware).

How Do Exploit Kits Work?

They run on web servers that you can encounter as you are doing your everyday activities on the web. A compromised website or fake advertisement (malvertising) will expose you to a web page that runs the tool that profiles the device you are using and identifies any unpatched or unsecure software that it can use as a door. Once in, it will inject the malware that causes the harm and provides a way for the bad actor to make money.

How Do You Avoid Being Exploited?

Even if you encounter an attempted exploit, there is no way for the malware to get in if there are no vulnerabilities in your software so the first step is to set auto-updates and don’t ignore reminders for updates. You can also implement technical measures such as blocking of potential malicious web pages.

Why Are You Hearing About This Now?

Because exploit kits are easy to use and affordable, they have dramatically increased the number of bad actors who can try to harm you while you are on the internet. Additionally, automation and the evolution of the cybercrime ecosystem has made it lucrative for cybercriminals to go after small and medium sized businesses because they are easy targets.