Today, most exploit kit activity Talos observes is powered through malvertising, or the use of malicious ads. These ads are usually hosted on a variety of different web pages and platforms, but are most commonly associated with illicit streaming services and adult content. However, this is not the only way users can be directed to exploit kits, as Spelevo shows. Spelevo leveraged compromised websites, another popular method, to infect victims.
Exploit kits have one large limitation: Internet Explorer. For exploit kits to operate effectively, adversaries need to take advantage of an antiquated web browser that lacks many of the modern protections designed to defeat this specific type of attack. But the number of people actively using Internet Explorer continues to dwindle as they migrate either to modern Windows-native web browsers like Edge or to some of the other open-source solutions like Mozilla Firefox and Google Chrome. However, Internet Explorer remains somewhat popular, and exploit kits will always be there to take advantage of its users.