An exploit kit is exactly what it says it is: a kit devised by cyber criminals for a customized attack.
The following is the short version of how it works:
You, the user, visit a page. It can be any type of page, even a trusted site that you have visited for years but that has been infected with an exploit kit.
Within seconds of your visit, the site begins to gather intel on your Windows-based system. All this intel is used to pinpoint specific weaknesses in applications and environments, and/or browser vulnerabilities; an evil pen test would be a good description.
Now that the kit knows your vulnerabilities, it sends exploits designed specifically for those weaknesses. Once in, the malware is delivered in whole: your machine is infected and you are at the mercy of the criminal, who can basically drop anything they want onto your system, such as ransomware, or simply use your computer as a gateway to the rest of the network to gather financially viable information.
One of the better-known exploit kits is Angler. It is reported that Angler is responsible for 40% of user penetration, something to take very seriously.
So what do you do?
- First and foremost, state-of-the-art endpoint protection.
- Pen test: find the vulnerabilities before they do, and plug the holes.
- Web browsing restrictions.
- Good policy restrictions.
- Employee education.
Keep in mind that it does not take a technical person or a computer whiz to exploit your system. Exploit kits can easily be bought online and even come with a user-friendly interface. That interface enables the attacker to track the evolution of the malware campaign and adjust settings as required.