
Exploit kits: winter 2019 review


  • 12 Feb 2019
Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian countries, and South Korea in particular.

Winter 2019 overview: Fallout EK, RIG EK, GrandSoft EK, Magnitude EK, Underminer EK, GreenFlash Sundown EK

Internet Explorer’s CVE-2018-8174 and Flash’s CVE-2018-4878 continue to be the most common vulnerabilities across the board, even though a couple of exploit kits have now integrated the newer Flash CVE-2018-15982.

Fallout EK

Fallout keeps bringing fresh air into an otherwise stale atmosphere by introducing new features and even adopting newer vulnerabilities. It also appears to be a good experimental framework for some actors who have customized the payload delivery. Fallout was the second exploit kit to add CVE-2018-15982, a more recent vulnerability for the Flash Player.

RIG EK

Good old RIG is still kicking around, but has taken a back seat to the newer Fallout in many of the malvertising chains we track, except perhaps for Fobos. There haven’t been any notable changes to report since we last reviewed it.

GrandSoft EK

GrandSoft and its Ramnit payload still go hand-in-hand via limited distribution tied to compromised websites. It is perhaps one of the least sophisticated exploit kits on the market right now.

Magnitude EK

Meanwhile, Magnitude EK is active and served up via malvertising chains, with a focus on some APAC countries like South Korea. Magnitude continues to deliver its fileless Magniber ransomware payload.

Underminer EK

Underminer’s over-the-top encryption schemes to hide its exploits are keeping us researchers honest when trying to identify exactly what is under the hood. It’s worth noting that only a few days after the Flash zero-day and Proof of Concept (PoC) had been published (CVE-2018-15982), Underminer was already implementing it.

GreenFlash Sundown EK

Also a geo-specific exploit kit, GreenFlash Sundown has been delivering various breeds of ransomware to targets in Asia. In our latest capture, we saw it drop the Seon ransomware on South Korean users.

Mitigation

While timely patching and avoidance of Internet Explorer as a web browser would offer protection against the above-mentioned exploit kits, the reality is that many users (especially in corporate environments) are still trailing behind. In addition, while IE is being phased out in North America, it’s still highly adopted in Asian countries—which explains why they are currently
Source: Malwarebytes. Published on 2019-02-12