If you thought the criminal cyber world had taken a break from the internet and turned its attention elsewhere, it didn’t take long for the ugly reality to rear its head with some new revelations. This information comes to us from our friends at Sophos, and serves as a good reminder to stay vigilant.
EXPLOIT KITS REVISITED
Make no mistake: hijacking your data and stealing information is a business. Cyber criminals have more and more resources at their fingertips and are more and more organized.
To explain: an exploit kit is a pre-packaged toolkit of malicious web pages that criminals can buy, license or lease for the purpose of distributing malware.
In other words, if you have some shiny new malware – ransomware, perhaps, or a zombie, or a password stealer – you can use an exploit kit to deliver that malware to unsuspecting victims.
Instead of figuring out how to booby-trap your own web pages so that visitors end up infected, you rely on pre-prepared attack code in an exploit kit to try out a series of known security holes, in the hope that one will succeed.
Thanks to exploit kits, malware authors don’t need to worry about how to find bugs in Java, or Silverlight, or Flash; how to build those bugs into working exploits; how to find insecure web servers to host the exploits; or how to entice prospective victims to the booby-trapped web pages.
Likewise, the exploit kit authors don’t have to worry about writing full-blown malware; they don’t have to run servers to keep track of infected computers, or to collect money from individual victims; they don’t have to get involved in exfiltration of stolen data, or selling that data on, and so forth.
Each group specializes in one or more parts of the threat landscape, in what’s become known, satirically, as CaaS, or Crimeware-as-a-Service.
Interestingly, even though an exploit kit can in theory be used to deliver almost any sort of malware (the crooks can choose which malware to implant at runtime if they want), industry security leader Sophos Labs has found that so far in 2016, the biggest partners in crime of the Angler exploit kit are…
…the guys behind the CryptoWall ransomware.
If you’ve been following the CryptoWall saga, you’ll know that CryptoWall 4.0 is the latest version of this ransomware family.
Version 4 is very similar to earlier versions, inasmuch as it scrambles all your files using a cryptographic key that is known only to the crooks, whereupon the malware offers to sell you the key for a few hundred dollars. If you don’t have a decent backup, and you want to recover your data, you don’t have much choice but to pay up.
But there are some curious differences in CryptoWall 4.0, too, notably that it doesn’t just scramble your files and then wait for you to open one of them and receive an error.
CryptoWall 4.0 is much more in-your-face than previous versions, scrambling your filenames as well as their contents, to make the extent of its damage much more immediately obvious.
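As an added illustration (this is not code from the Sophos post or from BMB), the script below scans a directory for the two visible effects just described: file contents scrambled in place (high byte entropy where a plain-text extension is expected) and filenames replaced with random-looking strings. The entropy threshold, the random-name pattern and the sample files are assumptions constructed for this example; they are not CryptoWall’s actual naming scheme, and this heuristic is a triage aid, not a substitute for endpoint protection.

```python
"""Heuristic scan for files that look encrypted in place or renamed to gibberish.

Added example: thresholds, patterns and sample data are constructed assumptions.
"""
import math
import random
import re
import tempfile
from pathlib import Path

# Extensions whose legitimate content is normally low-entropy text.
TEXTUAL_EXTS = {".txt", ".csv", ".log", ".ini", ".xml", ".json", ".html"}
# Plain text sits around 4-5 bits/byte; ciphertext approaches 8 (assumed threshold).
ENTROPY_THRESHOLD = 7.0
# Assumed "scrambled name" pattern: 8+ lowercase letters/digits plus a short,
# unfamiliar extension. This is a generic heuristic, not CryptoWall's exact scheme.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8,}\.[a-z0-9]{2,5}$")
KNOWN_EXTS = TEXTUAL_EXTS | {".pdf", ".docx", ".xlsx", ".jpg", ".png", ".zip", ".exe", ".dll"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or single-valued input, 8.0 max)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_file(path: Path, sample_bytes: int = 65536):
    """Return the list of indicators that fire for one file (empty if it looks normal)."""
    reasons = []
    ext = path.suffix.lower()
    if RANDOM_NAME_RE.match(path.name.lower()) and ext not in KNOWN_EXTS:
        reasons.append("random_name")
    if ext in TEXTUAL_EXTS:
        # Only the first chunk is read so large files do not slow the scan down.
        data = path.read_bytes()[:sample_bytes]
        if len(data) >= 256 and shannon_entropy(data) > ENTROPY_THRESHOLD:
            reasons.append("high_entropy_content")
    return reasons


def scan_tree(root) -> dict:
    """Walk a tree and report flagged files plus the fraction of files flagged."""
    root = Path(root)
    findings = {}
    total = 0
    for p in root.rglob("*"):
        if p.is_file():
            total += 1
            reasons = classify_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    ratio = len(findings) / total if total else 0.0
    return {"total": total, "flagged": findings, "ratio": ratio}


def build_sample_tree(root) -> Path:
    """Create constructed sample files: two healthy, two that mimic ransomware damage."""
    rng = random.Random(2016)  # deterministic so the example is reproducible
    root = Path(root)
    docs = root / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    text = ("Quarterly report: revenue was steady and costs stayed within budget.\n" * 40).encode()
    (docs / "report.txt").write_bytes(text)
    (docs / "settings.ini").write_bytes(b"[display]\ntheme=dark\nfontsize=12\n" * 20)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for ciphertext
    (docs / "budget.csv").write_bytes(noise)          # name kept, content scrambled
    (docs / "h7f2k9qz3m.4r1").write_bytes(noise)      # name and content scrambled
    return root


def demo() -> dict:
    """Build the constructed tree in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    report = demo()
    for name, reasons in sorted(report["flagged"].items()):
        print(f"{name}: {', '.join(reasons)}")
    print(f"{len(report['flagged'])} of {report['total']} files flagged "
          f"({report['ratio']:.0%})")
```

A healthy directory should produce a ratio near zero; a sudden jump across a user’s documents (or a file share) is the signal worth alerting on, and it is far cheaper to act on that signal early than to discover the damage when someone opens a file and gets an error.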
WHAT TO DO?
To protect against exploit kits:
- Patch early, patch often. If you have already closed the holes that an exploit kit is programmed to try, all its alternatives will fail and the exploit kit will be useless.
- Remove unused browser plugins. If you don’t need Java (or Silverlight, or Flash) in your browser, uninstall the plugin. An exploit kit can’t attack a browser component that isn’t there.
- Use an active anti-virus and web filter. Good virus detection tools will block the whole exploit kit if even one of its components (or associated web pages) is suspected.
- Make regular backups, and keep a copy offsite. If you encrypt your backups, then you can store them at a friend’s house (and vice versa) without each of you worrying about what happens if the other’s home gets burgled.
- Use administrative accounts only when necessary, not all the time. Most ransomware will scramble any file to which it has write access, even if it’s on a removable device or a network drive.
BMB offers a full suite of security products to keep you protected.