ThreatList: Exploit Kits Still a Top Web-based Threat

2018-07-02T18:32:00
ID THREATPOST:A3BB2FFA95F5B0C5ED7362707F7E5AFE
Type threatpost
Reporter Tom Spring
Modified 2018-07-02T18:32:00

Description

A 2018 roundup of current web threats shows that old vulnerabilities die hard. In a report released by Palo Alto Networks Unit 42, researchers said that so far this year cybercriminals are targeting unpatched PCs with ancient CVEs and well-known exploit kits.

Here is a ThreatList from the research firm’s Current Trends in Web-based Threats report, released last month.

In the first quarter of 2018, Unit 42 found 1,583 malicious URLs across 496 different domains. Attackers used at least eight old and public vulnerabilities. The top 3 CVEs used are:

  1. CVE-2014-6332: Vulnerability in Microsoft Internet Explorer’s VBScript
  2. CVE-2016-0189: Vulnerability in Microsoft Internet Explorer’s VBScript
  3. CVE-2015-5122: Vulnerability in Adobe Flash Player

Unit 42 also reported that, of the 1,583 URLs found in malicious emails it examined, 1,284 were exploit-kit related.

Top exploit kits are:

  • KaiXin
  • Sundown
  • Rig
  • Sinowal

“We found Sundown and Rig EKs are slowing down not only in the number of vulnerabilities used but also in how often they are upgraded. However, KaiXin EK is still evolving. As we can see (below) KaiXin takes the lead when compared with Sundown and Rig. KaiXin was discovered in 2012 and became more and more active according to our observations. The most exploited vulnerabilities in KaiXin are CVE-2016-0189 and CVE-2014-6322. We saw the very old EK Sinowal was also active with one malicious URL,” researchers wrote.

(ThreatList is an occasional overview of the InfoSec landscape as represented in at-a-glance lists of relevant data.)