Over the past few years exploit kits have been widely adopted by criminals looking to infect users with malware.The exploit kit then proceeds to exploit security holes, known as vulnerabilities, in order to infect the user with malware. The entire process can occur completely invisibly, requiring no user action. In my research I try to deconstruct cyber kill chain involving one of the most notorious exploit kits used by cybercriminals – a kit known as Angler exploit kit. This talk will cover the evolution of AEK, it’s role in raising of ransomware threat, tricks used to send user web traffic to Angler landing pages, and methods to deliver payloads. It will also cover procedures that allowed us at OpenDNS to proactively discover and block landing pages and mitigate the risk of infections delivered by AEK, as well as the preventative measures that end-users and systems administrators can take to mitigate their risks.
I am current security analyst and penetration tester in the past.