As Neutrino takes a hit, RIG Exploit Kit jumps at the opportunity and spreads ransomware



Andra Zaharia Heimdal SecurityAndra Zaharia (the picture is really her) from the Danish Heimdal Security wrote something interesting this morning that I thought you'd like to know:

In the world of cyber security, good things and bad are often intertwined.  For example, the makers of Angler, the most notorious and impactful Exploit Kit (definition), were arrested less than a month ago. Then Neutrino, another huge exploit kit, took a big hit when authorities stopped a massive malvertising campaign. 

But this left a huge gap in the cyber criminal market, which RIG promptly came to fill. So Heimdal Security published an analysis of the latest campaign of the RIG exploit kit, which is currently manipulating vulnerabilities in Adobe Flash Player and Internet Explorer to infect users with CrypMIC ransomware through drive-by attacks.

One of the current RIG campaigns is using script injection and domain shadowing to distribute malware on legitimate websites after gaining registrar access to those websites. They use iframes to direct traffic to malicious subdomains that serve as a vector for CrypMIC ransomware infections.

Certain dimensions of the malicious subdomain pages are randomized on every page load, making it easier for the malware to remain undetected by antivirus products. 

Since email is the #1 malware infection vector, and attacks are getting through your filters too often, getting your users new-school security awareness training which includes frequent simulated phishing attacks is a must as a part of your defense-in-depth strategy.


For instance, KnowBe4's integrated training and phishing platform allows you to send attachments with Word Docs with macros in them, so you can see which users open the attachments and then enable macros!

See it for yourself and get a live, one-on-one demo.

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo


  


Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews