dcsimg

A week in security (February 11 – 17)

Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for businesses we discussed the implementation of an anti-phishing plan, and the concept of whole team … [Read more...]

Exploit kits: winter 2019 review

Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian … [Read more...]

Interview with a malware hunter: Jérôme Segura

In our series “Interview with a malware hunter,” our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A sessions. So, let’s get started. Where are you from, and where do you live now? I was … [Read more...]

Improved Fallout EK comes back after short hiatus

After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During its absence, we noticed an increase in RIG EK campaigns, perhaps to fill that temporary void. Fallout EK is distributed via malvertising chains (one of them we track under the name HookAds), especially through adult traffic. Since January 15, Fallout EK activity … [Read more...]

Underminer exploit kit improves in its latest iteration

One of the most interesting exploit kits we track is also a bit of an elusive one, and as such does not receive the same scrutiny as its RIG and Fallout counterparts. Underminer was mentioned in our Fall 2018 round up, and at the time was using CVE-2018-8174 (Internet Explorer) and CVE-2018-4878 (Flash Player up to version 28.0.0.137). In mid-December, we noticed some changes with Underminer that … [Read more...]

Exploit kits: fall 2018 review

Exploit kit (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are still going strong. Smoke Loader, Ramnit, and AZORult are some of the most common payloads we’ve … [Read more...]

A week in security (August 6 – 12)

Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register) Discovered at Black Hat: AI attacks (Source: The Register) Once again, … [Read more...]

Exploit kits: summer 2018 review

The uptick trend in cybercriminals using exploit kits that we first noticed in our spring 2018 report has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we’ve seen for exploits in a while. Perhaps one caveat is that, apart from the RIG and GrandSoft exploit kits, we … [Read more...]

A week in security (June 11 – June 17)

Last week on Malwarebytes Labs, we discussed how to protect the online privacy of children, we gave you a spring 2018 overview of exploit kits, rounded up the ongoing discussions about the VPNFilter malware, and discussed the struggles of (UK) law enforcement with modern-day cybercrime. Other news Terros Health data breach: 1,600 patients potentially impacted. (Source; ABC 15) A critical server … [Read more...]

Exploit kits: Spring 2018 review

Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to malspam campaigns and exploits embedded within Microsoft … [Read more...]