Shadow Brokers Exploit Kits Are A Malware ‘Game Changer’

Security experts at Kaspersky Lab have warned that the ‘unrelenting scale’ of exploits for known software vulnerabilities has been driven by the easy availability of exploit packages in the wild.

Indeed, Kaspersky Labs has labelled the arrival of these exploit packages as a “game changer” in the cyber threat landscape this year.

This was the main finding in Kaspersky’s Malware report for the second quarter of 2017, which revealed that exploit leaks had contributed to 5 million attacks in the second quarter.

Exploit kits or packages are malware that uses flaws and vulnerabilities found in software to infect devices with malicious code such as banking trojans, ransomware, or espionage malware.

According to Kaspersky Lab, attacks that utilise an exploit are hugely popular with cyber criminals as they often don’t require any user interaction, and can deliver their dangerous code without the user suspecting anything.

The researchers said that in just three months they had blocked more than five million attacks that involved exploits from archives leaked on the web.

They pointed to the Shadow Brokers’ publication of the “Lost In Translation” archive, which contained a large number of exploits for different versions of Windows, as signalling the start of this trend.

The researchers said that even though most of these vulnerabilities were not zero-day vulnerabilities and were patched by subsequent Microsoft updates, “the publication led to disastrous consequences”.

“The average number of attacks per day is constantly growing: 82 per cent of all attacks were detected in the last 30 days of the quarter,” it warned, citing the ExPetr and WannaCry pandemics as being the most notable examples.

Patch Often

“The threat landscape of Q2 provides yet another reminder that a lack of vigilance is one of the most significant cyber dangers,” said Alexander Liskin, security expert at Kaspersky Labs. “While vendors patch vulnerabilities on a regular basis, many users don’t pay attention to this, which results in massive-scale attacks once the vulnerabilities are exposed to the broad cybercriminal community.”

The report also found that attempted infections by malware that looks to steal money via online banking were found on 224,675 user computers, compared to 288,000 computers in the first quarter.

And crypto-ransomware attacks were blocked on 246,675 computers, compared to 240,799 computers in Q1.

“On average, 17.26 per cent of Internet-connected computers in the world at least once faced a web attack using the malware-class malicious objects,” said Kaspersky Lab.

It said users should keep their software up-to-date and wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Users should also use “robust security solutions” and regularly run a system scan to check for possible infections.

Kaspersky Labs in July celebrated its 20th birthday by releasing free antivirus to bolster the protection of all customers. ‘Kaspersky Free’ will not compete with its premium offering, which includes parental controls, VPN access and other features.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
