Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge.

Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising most often found on adult websites.

Even though the weaponized vulnerabilities remain fairly old, we’ve observed a growing number of exploit kits go for fileless attacks instead of the more traditional method of dropping a payload on disk. This is an interesting trend that makes sample sharing more difficult and possibly increases infection rates by evading some security products.

Internet Explorer’s CVE-2018-8174 and Flash Player’s CVE-2018-15982 are the most common vulnerabilities, while the older CVE-2018-4878 (Flash) is still used by some EKs. It’s worth noting we’re seeing some exploit kits no longer using Flash, while others are relying on much older vulnerabilities.

Spelevo EK is one of these newer exploit kits that we see on a regular basis via malvertising campaigns.