By Sean Michael Kerner
At the beginning of every new year, vendors and tech pundits alike look ahead to what’s next for IT security. While I understand the need to do so to help identify coming threats and emerging trends, the simple truth is that for the vast majority of IT users (and people reading this column), emerging threats are not the primary risk—rather, it is existing threats that should be the prime concern.
Cyber-crime is a business and, like most modern businesses, speed of infection and economies of scale are critical to success. That’s why exploit kits, be it Angler, Rig or otherwise, were popular in 2015 and will be popular for years to come. With an exploit kit, a would-be attacker gets access to a bundled package that enables easy exploitation of users. An exploit kit is not a one-off tool, but rather is intended for mass exploitation. The path to that exploitation, more often than not, is a vulnerability that has already been patched by the impacted software vendor.