An article over at Bleeping Computer gives very good insight into the use of exploit kits. It seems that cybercriminals have started to move away from exploit kits that spread ransomware in favor of spreading cryptocurrency miners and information-stealing trojans.
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers).
Palo Alto Network security researcher Brad Duncan gives his take on why exploit kits are declining.
Duncan says various reasons contributed to RIG and the EK landscape’s downfall, such as modern browsers getting harder to hack, Flash use going down after major browsers switched to an HTML5-first policy, and several coordinated takedowns aimed at EK operations.
An important item to note, the downward trend of exploit kits doesn’t mean the end of ransomware. New services that facilitate Ransomware as a Service are continuing to pop-up. These well coded, easy to use services will make ransomware a continued pain to businesses and individuals.