Cybersecurity had a turbulent 2016, to say the least. We saw the rise of ransomware, the emergence of IoT botnets, landmark security legislation and Yahoo’s disclosure about its 1-billion-record-hack, the largest in history.
The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up constantly (see Javascript in IE Overtakes Flash as Number One Target for Angler Exploit Kit) and EMET was never meant to be infallible, just make it more difficult for hackers. EMET, which uses a set of predefined rules to prevent specific malware, is often relied upon to stop zero-day attacks on Windows systems until a patch is developed for the vulnerability. Although researchers have previously discovered vulnerabilities that allowed them to bypass EMET defenses, this is the first time an exploit in the wild has been successful.
Topics: Exploits, 0-day exploits, Angler Kit, Ransomware
In Morphisec labs, we are constantly tracking the behavior of the exploit kits that are making life easy for hackers and complicated for security managers. Since the EKs need to take advantage of whatever vulnerability they can find on an end user’s device, they typically have a roster of vulnerabilities to try, and if the first one does not work, they go on to the next one.
Topics: Exploits, Angler Kit, Attack Analysis
