So are those who use obsolete software containing known vulnerabilities that can be exploited.
An exploit kit dubbed “Magnitude EK” has been actively evolving and trying to infect users in South Korea, Taiwan, and Hong Kong.
Exploit kits, also known as exploit packs, are used to identify the software installed on a victim’s computer, match it against the list of exploits in the pack, and deploy the appropriate attack if one of the installed applications is vulnerable.
Wrote Boris Larin, security researcher at Kaspersky: “Magnitude EK is one of the longest-standing exploit kits. It was on offer in underground forums from 2013 and later became a private exploit kit. As well as a change of actors, the exploit kit has switched its focus to deliver ransomware to users from specific Asia Pacific (APAC) countries via malvertising. Our statistics show that this campaign continues to target APAC countries to this day and during the year in question Magnitude EK always used its own ransomware as a final payload.”
Close monitoring by Kaspersky Security Network (KSN) also showed that Magnitude EK is actively maintained and undergoes continuous development. In February this year, it switched to an exploit for the more recent vulnerability CVE-2019-1367 in Internet Explorer (originally discovered as an exploited zero-day in the wild).
In addition, the campaign’s older ransomware versions used to check for hardcoded language IDs, which include languages in Hong Kong, People’s Republic of China, Singapore, Taiwan, South Korea, Brunei Darussalam, and Malaysia. In newer versions, the check for the language ID was removed.
Malvertising makes ad blockers attractive
Commented Stephan Neumeier, managing director for Asia Pacific, Kaspersky: “As of last month, there was still a small percentage of online users in APAC browsing the web through Internet Explorer as it has remained the default web browser for Windows 7/8/8.1. Using obsolete software that will not receive security updates and vulnerability patches is synonymous with welcoming cybercriminals with open arms. Three years after the infamous WannaCry attack, businesses and individuals should now be more vigilant against ransomware and other types of attacks. All possible entry points in your systems and devices should be addressed as soon as possible.”
Meanwhile, malvertising refers to the use of online ads to distribute malicious programs. Cybercriminals embed a special script in a banner, or redirect users who click on an ad to a special page containing code for downloading malware. Special methods are used to bypass large ad network filters and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad; the code executes when the ad is displayed.
Users are advised to avoid clicking on random ads and visiting dubious websites, and to use antivirus and endpoint security solutions.