alphaspirit - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How can the Angler exploit kit's latest capabilities be mitigated?

As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick Lewis advises how to mitigate the threat.

The Angler exploit kit has been in the news a lot lately, with new variants popping up. What are the dangers of this hacking tool and how can they be mitigated on an enterprise level?

The Angler exploit kit is a standard exploit kit that has a modular framework for malware development and to manage the attack lifecycle. It has capabilities for hiding from antimalware detection -- such as making false calls to interact with the system and encrypting the data over the network -- to prevent it from being analyzed.

Angler can include multiple different vulnerabilities in the module depending on the target network and the exploits available; this makes customizing the malware easier and faster to adapt. Once the initial exploit is executed on an endpoint via a drive-by download, the Angler exploit kit runs its payload to infect the system with malware. It also has functionality for tracking which systems have been infected so the malware author can use these systems to send spam or other attacks.

One of the latest variants of the Angler exploit kit targeted three vulnerabilities in Adobe Flash Player.

Enterprises can mitigate the latest Angler risks by disabling Flash or using a network-based tool to block the malware, such as an intrusion prevention system or dedicated antimalware network tool.

Standard security control recommendations around securing endpoints are needed, such as keeping systems updated with the latest patches, securing configurations and using modern antimalware tools.

Not installing Flash on endpoints so they're not exposed to Flash vulnerabilities is also an option, or enterprises could potentially run Flash or Web browsers in a sandbox, making a Flash vulnerability more difficult to exploit.

Enterprise security awareness programs should include policies and information about using caution when opening attachments and clicking on links, but, of course, this goes in hand in hand with leveraging other technical controls.

Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)

Next Steps

Learn how to track and prevent crimeware attacks

This was last published in July 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Here's a great antimalware tool:

End users and critical business functions would stop without secure and well functioning computers. The government's ability to function (and keep us safe) depends on computers and networks functioning free of malware as well...

Therefore, I propose we should stop dancing around with the producers of malware, and start treating the crime as a grave offense...

For beginners... hmmmm, let me see: how about a minimum 10 years in jail for individuals (first offense)... YES, TEN YEARS IN JAIL... and for state sponsors, such as the Chinese and others: we systematically reduce trade with them in 10% increments while, simultaneously increasing tariffs, until all cyber threats evaporate - and in China's case; as 80% of their exports are to America - I think that would happen rather expeditiously.

As for the "experts" who ring their hands and whine, "Oh, you can't do that!!" I retort... Yes we can. It just takes the will to do it, and then, it will be done.

However, I'm not without compassion... The first little rat they catch trying to wreck a family member's computer... I'll commit to pen paling with them, say once a month while they serve out their TEN YEAR SENTENANCE, and I'll even send them a Pineapple Upside Down cake every Christmas (the one Auntie Jin makes every year that we throw away.)

We wouldn't want them to get lonely after all.