Abstract
Exploit kits are malicious toolkits or platforms that are used to exploit security vulnerabilities in software or systems to perform various malicious actions such as stealing data and spreading malware. Exploit kits contain various payloads or malicious code that are used to detect vulnerabilities, target users and computers. Exploit kits use social engineering techniques such as phishing and malvertising to exploit software vulnerabilities by first exploiting the users. Social engineering attacks aim at tricking users and organisation into providing confidential information to attackers such as usernames, passwords, and identity numbers. This study will analyze social engineering attacks particularly phishing campaigns used by exploit kits. The study analyzed the results of the phishing simulation of how exploit kits work including their threat actors, payloads and how they eventually spread malware onto the target.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sjouwerman, S.: Phishing and social engineering in 2018: is the worst yet to come? In: Social Engineering, p.35. KnowBe4 Website, KnowBe4 Inc. (2018)
Mckeay, M.: Phishing—Baiting the hook. In: Intelligent Security Starts at the Edge, p. 26. Akamai (2019)
Hadnagy, C. (ed.): Social Engineering. The Science of Human Hacking, 2nd edn., vol. 2. Wiley, Indianapolis (2018). IN 46256
Fruhlinger, J.: Social engineering explained: how criminals exploit human behavior (2019)
Australian Government: Australian cyber security centre threat report. In: Threat Report, Cyber Government, p. 24 (2016)
Verizon: Data breach investigations report. In: Data Breach Investigations Report 2017, p. 76. Verizon Enterprise, Verizon (2017)
Palo Alto Networks: Exploit kits - getting in by any means necessary. In: Unit42-exploit-kits-wp-101716, p. 13. Palo Alto Networks Web Site (2016)
Scarfo, A.: Exploit kits for all. Blog (2016)
MDAR Team: Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series (2017)
Colen, C.: Exploit kits turn to malvertising for survival. In: Exploit Kits Turn to Malvertising for Survival. Pindrop blog, Pindrop (2018)
NJCCIC Exploit Kits: A Prevailing Vector for Malware Distribution. Threat Analysis (2015)
Microsoft Exploits and exploit kits (2019)
Andra, Z.: How Drive-by Download Attacks Work – From Disbelief to Protection. Heimdal Security (2016)
Enisa, ENISA Threat Landscape Report 2017. In: 15 Top Cyber-Threats and Trends, p. 114. ENISA (2018)
Chen, J.C., Li, B.: Evolution of exploit kits (2015)
McAfee Labs: McAfee Labs Threats Report. In: Threat Report, McAfee Labs (2018)
Segura, J.: Disdain exploit kit and a side of social engineering deliver Neutrino Bot in Disdain exploit kit and a side of social engineering deliver Neutrino Bot. Malwarebytes Blog, Malwarebytes (2017)
DeGrippo, S.: Social Engineering Breathes New Life Into Exploit Kits, Web-Based Attacks. In: Social Engineering Breathes New Life Into Exploit Kits, Web-Based Attacks. Proofpoint.com, Proofpoint (2017)
Kafeine EITest Nabbing Chrome Users with a “Chrome Font” Social Engineering Scheme (2017)
Salahdine, F., Kaabouch, N.: Social engineering attacks: a survey. Future Internet 11(4), 17 (2019)
Zheng, K., et al.: A session and dialogue-based social engineering framework. IEEE 7, 14 (2019)
Security, M.I.: Hacking the human operating system: the role of social engineering within cybersecurity. In: Threat Report, p. 20. McAfee (2015)
Lu, L., et al.: BLADE: an attack-agnostic approach for preventing drive-by malware infections. In: Proceedings of the 17th ACM conference on Computer and Communications Security 2010, pp. 440–450. ACM, New York (2010)
Priya, M., Sandhya, L., Thomas, C.: A static approach to detect drive-by-download attacks on webpages. In: 2013 International Conference on Control Communication and Computing, ICCC 2013 (2013)
PCRisk New Malvertising Campaign Distributes Exploit Kit and Ransomware, vol. 1 (2019)
Segura, J.: Exploit kits: summer 2019 review. In: Malwarebytes 2019. Malwarebytes Inc., Malwarebytes (2019)
Trendmicro Lord Exploit Kit Rises, Delivers njRAT and Eris Ransomware. Cybercrime & Digital Threats, Exploits, Vulnerabilities, vol. 1 (2019)
Chandrayan, S.: Criminals increasingly using malvertising to direct victims to exploit kits. In: Security Response. Symantec, Symantec (2017)
Kotov, V., Massacci, F.: Anatomy of exploit kits, pp.181–196. Springer, Heidelberg (2013)
Kurniawan, A., Fitriansyah, A.: What is exploit kit and how does it work? Int. J. Pure Appl. Math. 118(Special Issue), 509–516 (2018)
Cannell, J.: Tools of the Trade: Exploit Kits, vol. 1 (2013)
Zheng, K., et al.: A session and dialogue-based social engineering framework. IEEE 7, 67781–67794 (2019)
Wright, J.: Gophish kit (Gophish Website) (2019). https://getgophish.com/. Accessed Oct 2019
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Mokoena, T., Zuva, T., Appiah, M. (2020). Analysis of Social Engineering Attacks Using Exploit Kits. In: Silhavy, R. (eds) Intelligent Algorithms in Software Engineering. CSOC 2020. Advances in Intelligent Systems and Computing, vol 1224. Springer, Cham. https://doi.org/10.1007/978-3-030-51965-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-51965-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-51964-3
Online ISBN: 978-3-030-51965-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)