Exploit kits (EKs) are rapidly deployable software packages designed to leverage vulnerabilities in web browsers and deliver a malicious payload to a victim’s computer.
Due to the increase in the popularity and value of cryptocurrency, EK operators are shifting their focus from ransomware to crypto miners. All the exploit kits in this roundup were seen infecting users with crypto miner malware, and the malvertising campaigns that direct users to these exploit kits have increased as well.
RIG Exploit Kit
RIG EK has been around for some time. Many other EKs have come and gone, but RIG has persisted, adopting changes over and over again. Its most recent changes are the inclusion of CVE-2018-8174 and the use of crypto miner payloads; it is spread mostly via malvertising campaigns running on pirated movie streaming or porn websites.
These malvertising campaigns are not restricted to any specific geographical location.
Analysis of the RIG landing page shows that it contains exploit code for the VBScript memory corruption vulnerability CVE-2018-8174, for CVE-2016-0189, and for a third, Flash-based vulnerability.
Once the exploits have run, RIG EK downloads its payload: various crypto miners or GandCrab ransomware.
Companies and individuals must take precautions against this growing class of attacks. At a minimum they should run a security product such as an antivirus to protect their systems, keep operating systems regularly updated, and use an antivirus for Windows or an antivirus for Mac depending on which OS the device runs. Companies should also hire professional cybersecurity firms to check their internal network a couple of times per year; these checkups should always include a penetration test and ethical hacking tests.
Older defenses such as signature-based antivirus and sandbox detonation are too limited against today's new and advanced threats. For now, Solebit remains a unique company that offers customers a new approach that fundamentally improves their cybersecurity and resilience efficacy in the most efficient way on the market.
GrandSoft Exploit Kit
For those who don't know, GrandSoft is an exploit kit that serves GandCrab ransomware or crypto mining payloads.
GrandSoft EK also spreads through malvertising campaigns, and its landing page uses an exploit for the CVE-2018-8174 VBScript memory corruption vulnerability.
KaiXin Exploit Kit
The KaiXin EK has been active since the last quarter of 2017; a recent addition to this EK is the use of CVE-2018-8174 exploits as well. Its landing page is the same as the RIG Exploit Kit page, which in this case delivers the proof of concept (PoC) shared on GitHub. The payload seen in this case is also a Trojan (MD5: e28d993fd4ae1fb71d645159f726f570).
Exploit kits are effective at infecting victim machines without users' knowledge. Attackers frequently change their techniques by obfuscating the source code or injecting new exploit code into their EKs.
To avoid infection by exploit kits, users should block untrusted third-party scripts and resources, avoid clicking on suspicious advertisements, and keep web browsers and browser plugins up to date with the latest patches. Since every kit in this roundup relies on Internet Explorer's VBScript engine or on Flash, disabling or removing those components where they are not needed removes the attack surface entirely rather than racing to patch it.
We must stress that every device has significant value and must be protected by at least one cybersecurity solution, such as an antivirus. Depending on which OS your device runs, install an antivirus for Windows or an antivirus for Mac. Companies must take an extra step and hire a professional cybersecurity firm to run cybersecurity tests on the company network and implement the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and an ethical hacking test. For companies that exist 100% online, we recommend using cyber-secured web hosting services.