What are exploit kits?
Exploit kits are tools that cyber criminals use to scan your system for vulnerabilities, exploit the ones they find, and to download malware on your computer.
Usually the exploit kits scan for vulnerabilities in widely used software, such as Flash, Java, Silverlight and Internet Explorer.
Most of the attacks happen while surfing on legit websites. Cyber criminals prefer to compromise websites with already established traffic, and utilize them for delivering exploits to visitors.
The attack starts automatically when you visit a compromised website. Behind the scenes you get redirected to a malicious website containing the exploit kit. The exploit kit then continues to scan your browser for vulnerabilities.
If you for example use an outdated version of Java, it will send malicious code to exploit this vulnerability. The attack requires no action from you as a user, and the entire process is invisible to the naked eye.
If the attack succeeds, the exploit kit may deliver malware which gather financial information (credit card details, passwords, user names, etc.), or encrypts files and ask for ransom.
How can your company detect exploit kits?
As a company with several employees surfing online, the risk of getting attacked by exploits kits is high. Exploits can also be delivered through phishing emails sent to the employees.
By using network security monitoring, your company can detect suspicious traffic and determine whether an attack succeeded or not. It gives the company a chance to see what is happening behind the scenes when users are browsing the internet, and if any malware is getting downloaded.
It also gives the company an opportunity to extract malicious files and identify what kind of malware they are dealing with. In addition to implement proper countermeasures.