The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. As we discussed in our 2016 Security Roundup, Angler, which has dominated the market since 2015, suddenly went silent. We tracked 3.4 million separate Angler attacks on our clients in…Read More
We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine.Read More
Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% in the total exploit kit activity for the year. Now, there’s barely any pulse left.
After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With Angler’s reported inactivity, it appears that cybercriminals are scrambling to find new exploit kits to deliver malware. Angler had been the exploit kit of choice because it was the most aggressive in terms of including new exploits and it was able to apply a lot of antivirus evasion techniques such as payload encryption and fileless infection.Read More
In early April of this year a zero-day exploit (designated as CVE-2016-1019) was found in Adobe Flash Player. This particular flaw was soon used by the Magnitude Exploit Kit, which led to an Adobe out-of-cycle patch. This flaw was being used to lead to drive-by download attacks with Locky ransomware as the payload.
However, this did not end the threat for users. We recently saw a new variant of this attack that added an unusual twist. On top of the Flash exploit, an old escalation of privileges exploit in Windows (CVE-2015-1701) was used to bypass sandbox technologies.Read More
In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem – how many users were affected, which exploit kits are popular, and where are the users coming from?Read More