- Research says that the US is responsible for the most exploit kit distributions globally.
- Mainstream exploit kits released in the US include Grandsoft, Sundown, and Rig.
- Recent improvements in security measures have reduced the number of malicious URLs globally.

The United States is home to the most web-based threats and exploit kit distributions, according to research conducted by Palo Alto Networks. The study was led by the security research company's Unit 42 team. The list of countries hosting the most malicious URLs also includes Russia, China, the Netherlands, and Australia.
Except for the Netherlands, the top countries all saw a decline in the number of malicious domains hosted. China had the most successful drop, with just 2 malicious domains hosted in the country. With strict monitoring and a ban on VPN services, Chinese internet users have a hard time pulling off any suspicious activity on the internet.
Palo Alto also revealed that some of the oldest exploit kit distribution platforms are still being used. KaiXin is the second most used distribution despite being four years old. According to the research team, cybercriminals do not care about the vulnerabilities that they exploit. As long as they are able to attack and infect a large number of systems, they will use any distribution platform.
Zero-day attacks have been on the rise. The research team revealed: "In the realm of vulnerabilities, we see remarkable consistency, with a nearly identical roster of vulnerabilities under attack in this quarter as last quarter. The only notable addition to this roster is a vulnerability known to be used in zero-day attacks."
Many of the exploit kits rely on security bugs that were discovered more than 9 years ago. Palo Alto pointed out two old vulnerabilities. They were found in older versions of Internet Explorer and are still in use, with around 50 active malicious URLs. Many users around the world choose not to update their systems with the latest software, which allows attackers to easily target such computers and inject malicious programs.