There’s a new kid on the block. Its name is Lord EK and it could potentially (along with all the other Exploit Kits out there) cause people grief if left unchecked.
First things first: what’s an “Exploit Kit?”
An exploit kit is an automated threat that uses compromised websites to divert traffic, scan for vulnerable browser-based applications, and run malware.
Exploit kits are developed to exploit vulnerabilities on a victim’s end-point automatically and silently while the victim browses the internet. Because of how highly automated they are, exploit kits have become incredibly popular.
Exploit kits initiate after the victim visits a compromised landing page. The page then diverts web traffic to another landing page. Code in the landing page profiles the victim’s device and looks for vulnerable browser-based applications.
Typically, if the victim’s system is up to date and fully patched, the exploit will cease to run. If not, the compromised site diverts network traffic to the exploit and then delivers a payload.
The payload can be used to retrieve malware or can be malware (like ransomware) itself.
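The chain described above (compromised page, redirect, landing page, exploit, payload) leaves a recognizable trace in web proxy logs. The following is an added example, not part of the original post: a simple detection heuristic run over constructed log lines. The five-field log layout, the hostnames, and the 30-second window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample (assumed format): timestamp client host content-type referer-host
SAMPLE_LOG = """\
2019-08-01T10:00:00 10.0.0.5 news.example text/html -
2019-08-01T10:00:01 10.0.0.5 gate.example text/html news.example
2019-08-01T10:00:02 10.0.0.5 landing.example application/x-shockwave-flash gate.example
2019-08-01T10:00:04 10.0.0.5 landing.example application/octet-stream landing.example
2019-08-01T10:05:00 10.0.0.9 video.example application/x-shockwave-flash video.example
2019-08-01T11:30:00 10.0.0.9 updates.example application/octet-stream -
"""

FLASH = "application/x-shockwave-flash"
BINARY = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=30)  # assumed threshold, tune for your environment


def parse(line):
    """Split one log line into typed fields."""
    ts, client, host, ctype, referer = line.split()
    return datetime.fromisoformat(ts), client, host, ctype, referer


def find_ek_chains(log_text, window=WINDOW):
    """Flag clients that received Flash content via a cross-site referer
    and then downloaded a binary shortly afterwards.
    Assumes log lines are in chronological order."""
    last_flash = {}  # client -> (time, host) of latest cross-site Flash object
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, ctype, referer = parse(line)
        if ctype == FLASH and referer not in ("-", host):
            # Flash served after a redirect from another site: remember it.
            last_flash[client] = (ts, host)
        elif ctype in BINARY and client in last_flash:
            flash_ts, flash_host = last_flash[client]
            if ts - flash_ts <= window:
                alerts.append({
                    "client": client,
                    "flash_host": flash_host,
                    "payload_host": host,
                    "seconds": (ts - flash_ts).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_ek_chains(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for investigation, not proof of compromise; same-site Flash and binaries fetched long after the Flash object are deliberately ignored to keep noise down.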
Beyond Lord EK, some other popular exploit kits currently in the wild are:
- Spelevo EK
- Fallout EK
- Magnitude EK
- RIG EK
- GrandSoft EK
- Underminer EK
- GreenFlash EK
How do you stop them?
The most commonly used exploits leveraged by Exploit Kits are:
- CVE-2018-4878 (Adobe Flash Player)
- CVE-2018-8174 (Internet Explorer)
- CVE-2018-15982 (Adobe Flash Player…again)
Patch, patch, patch your end-points. Make sure your end-points are as up to date as possible. Right now all three of those exploits have been patched. 4878 was patched in February of 2018, 8174 was patched in August of 2018 and 15982 was patched in December of 2018.
Also, beyond patching it’s probably a good idea to limit what kind of browser-based applications you might have on your machine. At this point, there is absolutely no reason to have ANY version of Flash Player running on your endpoint.
The web and the world at large have moved completely past Adobe Flash, and running the software at this point only provides a benefit to would-be attackers.
Most of the popular web browsers, including Safari, Firefox, and Chrome, no longer support the software (we’re looking at you, Internet Explorer and Edge), and Adobe itself plans to completely ditch support for it altogether in 2020.
If you’re running Adobe Flash we recommend you remove it entirely.