Exploit kits (EK) have long been feared by both users and developers, since they can invade a browser and ultimately gain control of a host machine. New reports released today, however, seem to insinuate that these kinds of attacks are quickly becoming less effective than ever before.
Technicians and security experts once found zero-day bugs that had to be patched on a regular basis as the result of EK attacks. Some may remember infamous problems with Apple Safari for Windows and other prominent releases that marred really exciting product launches.
However, it seems like the era of EK attacks might finally be over. Information from the reports states that most browsers these days are more than robust enough to fend off any EK attacks that might be aimed at them.
The last major kits that worked to any large degree that researchers have been able to find were in 2016 or so. A number of operators at the time were arrested as a result of ongoing legal action.
Some crackers moved on to other types of attacks or ceased any sort of criminal activity as they feared detection during prominent police investigations. Nobody was developing new exploits as of late 2017 to add to crackers’ arsenals, which means that those who want to carry out these kinds of cyberattacks today would have to rely on older tools.
Security experts working for Palo Alto Networks published a report just yesterday that details a series of interesting statics related to vulnerabilities exploited in the first quarter of 2018. These researchers found just under 1,600 malicious URL locations across nearly 500 different domain names. Each of these lead to a landing page that attempted to install a kit.
Out of these thousands of attempted attacks, however, only eight different exploit tools seemed to be at play. All eight of these relied on vulnerabilities that were very old. The newest one dated to 2016 or so, meaning that users who have newer browsers installed were essentially immune.
Moreover, those who’ve deployed modern versions of Firefox, Safari, Chrome or Falkon were functionally not threatened at all by seven of these exploits as they were designed to go after specific problems in Internet Explorer.