MENU

ACG-CYBER SECURITY BULLETIN NO 117 UNDERSTANDING EXPLOIT KIT

            The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

            The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

“An exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering the exploiting vulnerabilities to upload and execute malicious code on the client.”1

When a victim visits an infected website, the exploit kit scans the installed software and collect information in the machine to check if there are vulnerabilities which can be exploited.  If there are vulnerabilities, the exploit kit controls them in order to deliver malware payloads to infect the machine.

Exploit kit has two primary parts.  First is a control panel which allows an attacker to generate custom web pages and provide criminals with real-time performance statistics that keep tracks of the number of visits on infected web pages and how the victims are successfully infected.  Second is the web page component which is generated by the control panel, which contains the exploits and allow the attackers to auto-infect visitors of the web page through the vulnerabilities in the web browsers.

RECOMMENDATION


PNP personnel and the public are advised to follow the tips in order to stop exploit kits:

  • Always update your software with the latest patch available.
  • Shutdown instances of exploit kits when they are traced or add them to a blacklist.
  • Provide additional endpoint protection in your machines.
  • Reduce exposure to infected sites and be cautious with email attachments.
  • Always think before you click.

For additional information, please refer to the following websites: 

https://en.wikipedia.org

https://blog.barkly.com 

POINT OF CONTACT

            Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.