dcsimg

Exploit kits: fall 2018 review

Exploit kit (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are still going strong. Smoke Loader, Ramnit, and AZORult are some of the most common payloads we’ve … [Read more...]

Exploit kits: summer 2018 review

The uptick trend in cybercriminals using exploit kits that we first noticed in our spring 2018 report has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we’ve seen for exploits in a while. Perhaps one caveat is that, apart from the RIG and GrandSoft exploit kits, we … [Read more...]

Magniber ransomware improves, expands within Asia

This blog post was authored by @hasherezade and Jérôme Segura. The Magnitude exploit kit is one of the longest-serving browser exploitation toolkits among those still in use. After its inception in 2013, it enjoyed worldwide distribution with a liking for ransomware. Eventually, it became a private operation that had a narrow geographic focus. During 2017, Magnitude delivered Cerber ransomware via … [Read more...]

Exploit kits: Spring 2018 review

Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to malspam campaigns and exploits embedded within Microsoft … [Read more...]

Magnitude exploit kit switches to GandCrab ransomware

The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. While Magnitude EK remains focused on targeting South Koreans, we were able to infect an English version of Windows by replaying a … [Read more...]

Hermes ransomware distributed to South Koreans via recent Flash zero-day

This blog post was authored by @hasherezade, Jérôme Segura and Vasilios Hioureas. At the end of January, the South Korean Emergency Response Team (KrCERT) published news of a Flash Player zero-day used in targeted attacks. The flaw, which exists in Flash Player 28.0.0.137 and below, was distributed via malicious Office documents containing the embedded Flash exploit. Only a couple of weeks after … [Read more...]

Drive-by download campaign targets Chinese websites, experiments with exploits

During our web crawls we sometimes come across bizarre findings or patterns we haven’t seen before. This was the case with a particular drive-by download attack planted on Chinese websites. While by no means advanced (it turned out to be fairly buggy), we witnessed a threat actor experimenting with several different exploits to drop malware. For years we have cataloged thousands of Chinese … [Read more...]