Exploit Kits Deliver Big Returns for Hackers

The Trustwave 2015 Global Security Report details the financial success attackers are achieving via exploit kits and how to avoid them.



There are a lot of different ways that hackers can attack users and devices, but perhaps the easiest and most lucrative method is via an exploit kit. The new 2015 Trustwave Global Security Report reveals that hackers are getting an estimated 1,425 percent return on investment from exploit kit and ransomware campaigns.

The report is based on 574 data compromises that Trustwave investigated. In contrast, Trustwave's 2014 report was based on 691 data compromises.

There are a number of reasons why exploit kits are so lucrative for attackers. Karl Sigler, threat intelligence manager at Trustwave, explained that regular patching is a crucial component in preventing exploit kits from putting ransomware on user systems in the first place.

"Exploit kits typically look for vulnerabilities in your Web browser or one of the browser's many plug-ins," Sigler told eWEEK. "If you keep your browser and plug-ins patched regularly, you should be immune to most exploit kits."

Lack of patching is something that vendors have been highlighting for years. In February, Hewlett-Packard reported that 44 percent of all breaches could be attributed to vulnerabilities that had been patched by vendors between two and four years earlier.

In addition to regular patching of system components and applications, antivirus technologies still play a role in limiting the risk of exploit kits and ransomware. Sigler explained that the malware is placed on the victim's computer post-exploitation, after the exploit kit has already succeeded.

"Anti-malware technologies remain an important security control," he said. "When used as a gateway filter, they can often detect and strip out ransomware before it strikes."

Trustwave's analysis also found that 98 percent of the applications it tested had at least one vulnerability in 2014. Sigler noted that many of the applications scanned by Trustwave are custom Web applications, so the vulnerabilities were new to the client and patches had to be developed rather than simply applied.

"In the case of COTS [Commercial Off-The-Shelf]-type applications, it was often the case of patches that had not been applied as opposed to the vulnerability being known about and then deprioritized," Sigler said.

Application vulnerabilities and lack of patching are not the only paths to exploitation that Trustwave discovered. The company found that 56 percent of compromises were the result of weak passwords and weak remote access security. Looking specifically at point-of-sale (PoS) breaches, the number rises dramatically: 94 percent of those breaches were attributed to weak passwords and weak remote access security.

Looking to the future, Sigler noted that while it's still a little early for 2016 predictions, he believes that there may be an increase in malware-as-a-service models.

"We've seen this in the Magnitude Exploit Kit, where rather than charge users, the criminals offer the service for free and take a cut on the back end," Sigler said. "I expect we'll see more of this type of model down the road."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.