As technology has developed, both its use in industry and commerce has grown causing a real dependency on the devices we are so familiar with today. With these developments, threats have grown more sophisticated and common causing regular occurrences of computer misuse as defined by the act in 1990. One of the most subtle of modern threats is also widely unheard of – exploit kits.
An exploit is code that takes advantage of vulnerabilities in a program to make it behave in a different manner. Exploit kits are web-based exploits that analyze devices accessing that site and then launch a payload. The characteristic; however, that sets exploit kits apart from other forms of malware is its ease with which it gains access to device. By simply visiting a compromised website the exploit is run and the operator gains knowledge of all the vulnerabilities of a system. If the exploit is successful, the kit will launch the payload which will be targeted to take advantage of the vulnerabilities found by the exploit. Typical payloads involve the installation of malware such as: ransomware, banking-trojans, and botnet components.
For a device to be completely exploited it must therefore both open a page hosting an exploit kit and also have vulnerabilities that can be taken advantage of. This is why it’s important to ensure software is always up to date and no miscellaneous applications are installed. Also, it’s important to monitor your browsing and stick to reliable and popular websites which will have high security and fast responses to threats.
It’s becoming more and more important to understand and be able to combat these threats due to the popularization of crimeware (proprietary utility programs sold and leased on unscrupulous forums). This gives people drastically easier access to forms of malware and raises the likelihood of any individual being exposed to similar programs at some point in their life and career.