Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few.
Researchers who study exploit kits closely, however, are reporting that two major kits, Angler and Nuclear, may be off the table. Both are responsible for tens of millions of dollars in losses, and countless web-based infections dropping everything from ransomware to click-fraud malware. But the recent arrests of the Russian gang behind the Lurk malware may have put an end to the availability of the Angler Exploit Kit and an expose from Check Point Software Technologies has apparently done in the Nuclear Exploit Kit.
French researcher Kafeine, one who specializes in exploit kits, said he has not seen any Nuclear activity since April 30, and Angler since June 7.