Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection. They rely on compromised websites, malicious adverts and social engineering to direct web traffic to their landing pages and attempt the exploitation of vulnerable software. Operated by various actors and groups, exploit kits possess different features, use various exploits and distribute different malware to victims. Since June 2016 at least four of the major players in this area ceased to be active. In this blog, I wanted to explore which exploit kits are still around and propose some plausible scenarios for the future of the exploit kit landscape.

On 12 May 2017, as the WannaCry ransomware spread through computer networks across the world, a variety of explanations also began to worm their way through the information security community. Who was responsible for the WannaCry campaign? And what was the objective? Ransomware suggested it was the work of cybercriminals, although, given the sheer scale of infections and disruption, some commentators suspected the hand of a nation state. Despite relentless analysis from the security research community that has brought fragments of new information to the fore, no consensus has yet been reached on an attribution for the campaign.

I’ll venture to guess you’re using a mobile device to read this. According to a recent Ericsson Mobility Report, the total number of mobile subscriptions at the end of 2016 was approximately 7.5 billion and growing around 4 percent year-on-year. The greater speed, power and storage capabilities of mobile devices mean they are used more frequently for activities previously reserved for laptops or PCs.

If you’re familiar with mafia movies then you’re familiar with extortion – the practice of obtaining something, especially money, through force or threats. Extortion has been around for centuries – well before “The Godfather” or “Goodfellas.” Even cyber extortion, which extends this criminal activity into the digital world, isn’t new. What is new, however, is the wide variety of methods that are used by the bad guys to get their money.

Think about your last birthday. With Facebook making it so easy to send a happy birthday wish, no doubt you were inundated with friend-love. Friends that you haven’t spoken to for 12 months come out of the woodwork for the simple (and sometimes token) act of sending you a birthday message. Your Facebook Wall becomes a sea of sameness, punctured only occasionally with personalised messages like a ‘throwback’ snap – a touch of personalisation that cuts through the clutter.
