- The land of cybersecurity is constantly changing, with new threat groups, malware, and trends entering and exiting the picture.
- Researchers analyzed a number of malware samples and have uncovered the current trend of exploit kits moving towards fileless attacks.
Exploit kits are applications that cybercriminals host to leverage an exploit for malicious activities.
The trend of fileless attacks
Traditionally, exploit kits dropped malware on disk and then executed it. However, three of nine exploit kits, that is, a third of them, were found to be relying on fileless attacks.
- A fileless attack involves loading the malicious code inside the computer’s RAM. This technique does not leave any traces on the disk.
- When exploit kits use the fileless attack technique, sharing samples becomes difficult.
- This technique also possibly helps evade security tools, leading to a higher infection rate.
- Magnitude, Underminer, and Purple Fox are a few of the exploit kits that are employing the fileless attack technique.
- Although these are relatively small exploit kits, this may indicate a growing trend among exploit kits.
“This is an interesting trend that makes sample sharing more difficult and possibly increases infection rates by evading some security products,” said malware analyst Jérôme Segura.
Although the technique of fileless attacks has been around for quite some time now, this is believed to be the first time exploit kits are adopting the technique.
Abandoning Flash Player exploits
Security experts also noted that exploit kits are abandoning Flash Player exploits and moving towards Internet Explorer bugs. This is interesting because the Internet Explorer browser occupies only a small part of the market.
Because Internet Explorer is primarily used in the enterprise environment, the exploit kits are targeting such networks with this strategy.