It is never a bad sign when criminal activity on the internet is seemingly quieting down. The number of cyber attacks driven by exploit kits has almost dried up over the past few weeks, although no one knows for sure why that is the case. Rest assured this does not mean exploit kits are no longer being used, though.
A Lull In Exploit Kit Usage Is Worrisome
Security researchers are – rightfully – concerned over this lull in exploit kit usage by cyber criminals. Since these kits have facilitated the distribution of Trojans, malware, ransomware, and various other nefarious software types over the past, it is rather unusual to notice exploit kits are not used as often as before. This does not mean the number of cyber attacks will go down in the process, though.
Angler, Neutrino, and Nuclear exploit kits have been on the radar of security researchers for quite some time now. However, it appears none of them are actively deployed for cyber attacks these past few weeks, which is quite puzzling. Considering how the number of cyber attacks has not decreased by any means, criminals must be using a different attack method.
To be more specific, the use of exploit kits has dropped by nearly 300% between January and December of 2016. Interestingly enough, distribution of malware and ransomware has increased during the same period. Over the past few months, remote access trojans have been deployed to infiltrate systems before infecting them with malicious software, which could explain the drop in exploit kit usage.
That being said, the mystery regarding the disappearance of exploit kits needs to be solved. Several notorious cyber criminals have been arrested throughout 2016, although that should not necessarily affect the popularity of these tools. In the case of the Angler exploit kit, most of the people responsible for creating and maintaining the exploit kit’s infrastructure have been put behind bars. This does hinder the usefulness of the Angler exploit kit, yet doesn’t explain why no one is using Neutrino or Nuclear right now.
Speaking of Neutrino, the exploit kit saw its popularity dwindle during September of 2016. Thanks to a joint operation between Cisco and Godaddy, malvertising campaigns spreading this exploit kit were shut down. Then again, criminals often find a few ways to keep their business alive and kicking. For some reason, that does not seem to be the case right now, although it is possible, the researchers have not discovered this new method of distribution just yet.
Even though exploit kits are no longer the flavor of the month for criminals right now, it is expected they will make a comeback over the next few months. Criminals are far from ready to throw in the towel, and alternative delivery mechanisms are being explored as we speak. Office macros are becoming the primary distribution method for malware and ransomware right now. Once that method of distribution becomes less successful, cyber criminals will try to a new tactic. The gangs responsible for creating exploit kits are biding their time and making modifications, that much is evident.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
